华为配置车地通信快速切换实验

知孤云出岫2024-02-08 20:51

配置车地通信快速切换示例

组网图形
图1配置车地通信快速切换业务示意图

  • 组网需求
  • 配置思路
  • 配置注意事项
  • 操作步骤
  • 配置文件
组网需求

某轨交企业为了降低网络部署成本,提升服务质量,希望通过WLAN技术实现车地通信,使部署在地面网络的组播服务器能为车内乘客提供车载多媒体咨询业务。如图1所示,在该企业的一号线沿线部署了轨旁AP,部署在地面网络的AC和轨旁AP以有线方式实现二层互通。在一号线运行的列车的车头和车尾分别部署了车载AP,每次运行时,仅部署在车头的车载AP工作,车尾车载AP处于休眠状态。在列车到达终点站调头运行时,两个车载AP的工作状态也会随之调换。通过车载AP和轨旁AP间的无线链路实现了车地通信,使得地面网络的组播源能为车内乘客提供车载多媒体咨询业务。

配置思路
  1. 配置地面网络,使轨旁AP和AC实现二层互通。
  2. 配置地面网络设备的组播服务,使地面网络可以正确转发组播数据。
  3. 配置轨旁AP和车载AP的车地通信快速切换功能,使车载AP可以和轨道沿线的轨旁AP通过Mesh链路对接。
  4. 配置车载网络,使车载网络内部数据互通。
  • 本配置举例中轨旁AP使用的是华为AP9131DN(FIT AP),车载AP是华为AP9131DN(FAT AP)。
  • 本配置举例中使用的交换机和路由器均为华为产品。
AP 类型 MAC
轨旁AP(L1_001) AP9131DN 00e0-fc59-1d10
轨旁AP(L1_003) AP9131DN 00e0-fc59-1d20
轨旁AP(L1_010) AP9131DN 00e0-fc59-1d30
轨旁AP(L1_150) AP9131DN 00e0-fc59-1d40
轨旁AP(L1_160) AP9131DN 00e0-fc59-1d50
轨旁AP(L1_170) AP9131DN 00e0-fc59-1d60
......
车载AP(车头) AP9131DN 00e0-fc59-2e10
车载AP(车尾) AP9131DN 00e0-fc59-2e20
......
[表1为完成配置任务,需要获悉AP的以下数据。]
配置项 数据
管理VLAN VLAN 100
组播业务VLAN VLAN 101
网关地址 AC的VLANIF 101的IP地址:10.23.224.1/24
DHCP服务器 AC作为DHCP服务器为轨旁AP和车载终端分配IP地址
AP的IP地址池 10.23.100.2~10.23.100.254/24
车载终端的IP地址池 10.23.224.4~10.23.224.254/24
AC的源接口IP地址 VLANIF 100:10.23.100.1/24
轨旁AP的AP组 名称:mesh-mpp
轨旁AP的AP ID * 轨旁AP(L1_001):1 * 轨旁AP(L1_003):2 * 轨旁AP(L1_010):3 * 轨旁AP(L1_150):101 * 轨旁AP(L1_160):102 * 轨旁AP(L1_170):103
安全模板 * 名称:sp01 * 安全策略:WPA2+PSK+AES * 密码类型:PASS-PHRASE * 认证密钥:YsHsjx_202206
Mesh模板 轨旁AP: * 名称:mesh-net * 标识:mesh-net 车载AP: * 名称:mesh-net * 标识:mesh-net
Mesh快切模板 轨旁AP: * 名称:hand-over 车载AP: * 名称:hand-over
轨旁AP Mesh白名单 名称:whitelist01 根据实际情况,应添加该轨道上所有的车载AP的MAC。
车载AP Mesh白名单 名称:whitelist01 根据实际情况,应添加该轨道上所有的轨旁AP的MAC。
被代理地面设备MAC地址 * 网关的MAC地址:00e0-fce9-d328 * 网管用户的MAC地址:00e0-fc88-12cd * 组播源的MAC地址:00e0-fc88-b6ab
被代理车载设备MAC地址 * 车载终端_1的MAC地址:00e0-fc88-d359 * 车载终端_2的MAC地址:00e0-fc88-d270
组播服务的组播组 225.1.1.1~225.1.1.3
[表2为完成配置任务,需规划以下数据项。]
配置注意事项

  • 纯组播报文由于协议要求在无线空口没有ACK机制保障,且无线空口链路不稳定,为了纯组播报文能够稳定发送,通常会以低速报文形式发送。如果网络侧有大量异常组播流量涌入,则会造成无线空口拥堵。为了减小大量低速组播报文对无线网络造成的冲击,建议配置组播报文抑制功能。配置前请确认是否有组播业务,如果有,请谨慎配置限速值。

    • 业务数据转发方式采用直接转发时,建议在直连AP的交换机接口上配置组播报文抑制。
    • 业务数据转发方式采用隧道转发时,建议在AC的流量模板下配置组播报文抑制。

  • 建议在与AP直连的设备接口上配置端口隔离,如果不配置端口隔离,尤其是业务数据转发方式采用直接转发时,可能会在VLAN内形成大量不必要的广播报文,导致网络阻塞,影响用户体验。

  • 隧道转发模式下,管理VLAN和业务VLAN不能配置为同一VLAN,且AP和AC之间只能放通管理VLAN,不能放通业务VLAN。

  • V200R021C00版本开始,配置CAPWAP源接口或源地址时,会检查和安全相关的配置是否已存在,包括DTLS加密的PSK、AC间DTLS加密的PSK、登录AP的用户名和密码、全局离线管理VAP的登录密码,均已存在才能成功配置,否则会提示用户先完成相关的配置。

  • V200R021C00版本开始,AC默认开启CAPWAP控制隧道的DTLS加密功能。开启该功能,添加AP时AP会上线失败,此时需要先开启CAPWAP DTLS不认证方式(capwap dtls no-auth enable )让AP上线,以便AP获取安全凭证,AP上线后应及时关闭该功能(undo capwap dtls no-auth enable),避免未授权AP上线。Web网管的该功能位于"配置 > AC配置 > 基本配置 > AC基本信息 > 高级 > CAPWAP链路配置 > 允许AP以不认证方式与AC进行DTLS会话"。

操作步骤

  • 配置地面网络设备

    1. 配置AC,在AC上创建VLAN100、VLAN101、VLAN200,将接口GE0/0/1~GE0/0/4加入VLAN101,并允许VLAN101的报文通过,配置接口GE0/0/3和GE0/0/4的PVID为VLAN101。将接口GE0/0/5加入VLAN200,其PVID为VLAN200,允许VLAN200的报文通过。将接口GE0/0/1和GE0/0/2配置为允许VLAN100的报文通过。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd"><HUAWEI> <strong>system-view</strong>
[HUAWEI] <strong>sysname AC</strong>
[AC] <strong>vlan batch 100 101 200</strong>
[AC] <strong>interface gigabitEthernet 0/0/1</strong>
[AC-GigabitEthernet0/0/1] <strong>port link-type trunk</strong>
[AC-GigabitEthernet0/0/1] <strong>port trunk allow-pass vlan 100 101</strong>
[AC-GigabitEthernet0/0/1] <strong>quit</strong>
[AC] <strong>interface gigabitEthernet 0/0/2</strong>
[AC-GigabitEthernet0/0/2] <strong>port link-type trunk</strong>
[AC-GigabitEthernet0/0/2] <strong>port trunk allow-pass vlan 100 101</strong>
[AC-GigabitEthernet0/0/2] <strong>quit</strong>
[AC] <strong>interface gigabitEthernet 0/0/3</strong>
[AC-GigabitEthernet0/0/3] <strong>port link-type trunk</strong>
[AC-GigabitEthernet0/0/3] <strong>port trunk pvid vlan 101</strong>
[AC-GigabitEthernet0/0/3] <strong>port trunk allow-pass vlan 101</strong>
[AC-GigabitEthernet0/0/3] <strong>quit</strong>
[AC] <strong>interface gigabitEthernet 0/0/4</strong>
[AC-GigabitEthernet0/0/4] <strong>port link-type trunk</strong>
[AC-GigabitEthernet0/0/4] <strong>port trunk pvid vlan 101</strong>
[AC-GigabitEthernet0/0/4] <strong>port trunk allow-pass vlan 101</strong>
[AC-GigabitEthernet0/0/4] <strong>quit</strong>
[AC] <strong>interface gigabitEthernet 0/0/5</strong>
[AC-GigabitEthernet0/0/5] <strong>port link-type trunk</strong>
[AC-GigabitEthernet0/0/5] <strong>port trunk pvid vlan 200</strong>
[AC-GigabitEthernet0/0/5] <strong>port trunk allow-pass vlan 200</strong>
[AC-GigabitEthernet0/0/5] <strong>quit</strong></span></span></span>

    2. 配置AC的接口VLANIF101的IP地址,并使能DHCP服务器功能为车载网络分配IP地址。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC] <strong>dhcp enable</strong>
[AC] <strong>interface vlanif 101</strong>
[AC-Vlanif101] <strong>ip address 10.23.224.1 20</strong>
[AC-Vlanif101] <strong>dhcp select interface</strong>
[AC-Vlanif101] <strong>dhcp server excluded-ip-address 10.23.224.2 10.23.224.3</strong>
[AC-Vlanif101] <strong>quit</strong></span></span></span>

    3. 配置AC的接口VLANIF100的IP地址,并使能DHCP服务器功能为轨旁AP分配IP地址。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC] <strong>interface vlanif 100</strong>
[AC-Vlanif100] <strong>ip address 10.23.100.1 20</strong>
[AC-Vlanif100] <strong>dhcp select interface</strong>
[AC-Vlanif100] <strong>quit</strong></span></span></span>

    4. 配置AC的接口VLANIF200的IP地址,并配置缺省路由下一跳地址为Router的接口GE1/0/0的IP地址,使车地通信网络发往外网的报文上送到出口路由Router。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC] <strong>interface vlanif 200</strong>
[AC-Vlanif200] <strong>ip address 10.23.200.2 24</strong>
[AC-Vlanif200] <strong>quit</strong>
[AC] <strong>ip route-static 0.0.0.0 0 10.23.200.1</strong></span></span></span>

    5. 配置Router的接口GE1/0/0的IP地址,并配置路由,配置到内网网段的报文下一跳为10.23.200.2。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd"><Huawei> <strong>system-view</strong>
[Huawei] <strong>sysname Router</strong>
[Router] <strong>interface gigabitethernet 1/0/0</strong>
[Router-GigabitEthernet1/0/0] <strong>ip address 10.23.200.1 24</strong>
[Router-GigabitEthernet1/0/0] <strong>quit</strong>
[Router] <strong>ip route-static 10.23.224.0 20 10.23.200.2</strong>
[Router] <strong>ip route-static 10.23.100.0 20 10.23.200.2</strong></span></span></span>

      用户需根据实际需求配置出口路由到外网的路由表以及出口路由的NAT功能,以保证内外网的正常访问。

    6. 配置Switch_B和Switch_C使轨旁AP和地面网络实现二层互通

      在Switch_B上创建VLAN100、VLAN101,并配置Switch_B的接口GE0/0/2允许VLAN100、VLAN101的报文通过。配置Switch_B的接口GE0/0/1允许VLAN100、VLAN101的报文通过,GE0/0/1的PVID为VLAN100(轨旁AP的管理VLAN)。

      Switch_B上连接其他轨旁AP的接口请参考GE0/0/1进行配置,配置接口允许VLAN100、VLAN101的报文通过,配置接口的PVID为VLAN100。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd"><HUAWEI> <strong>system-view</strong>
[HUAWEI] <strong>sysname Switch_B</strong>
[Switch_B] <strong>vlan batch 100 101</strong>
[Switch_B] <strong>interface gigabitEthernet 0/0/2</strong>
[Switch_B-GigabitEthernet0/0/2] <strong>port link-type trunk</strong>
[Switch_B-GigabitEthernet0/0/2] <strong>port trunk allow-pass vlan 100 101</strong>
[Switch_B-GigabitEthernet0/0/2] <strong>quit</strong>
[Switch_B] <strong>interface gigabitEthernet 0/0/1</strong>
[Switch_B-GigabitEthernet0/0/1] <strong>port link-type trunk</strong>
[Switch_B-GigabitEthernet0/0/1] <strong>port trunk pvid vlan 100</strong>
[Switch_B-GigabitEthernet0/0/1] <strong>port trunk allow-pass vlan 100 101</strong>
[Switch_B-GigabitEthernet0/0/1] <strong>quit</strong></span></span></span>

      在Switch_C上创建VLAN100、VLAN101,并配置Switch_C的接口GE0/0/2允许VLAN100、VLAN101的报文通过。配置Switch_C的接口GE0/0/1允许VLAN100、VLAN101的报文通过,GE0/0/1的PVID为VLAN100。

      Switch_C上连接其他轨旁AP的接口请参考GE0/0/1进行配置,配置接口允许VLAN100、VLAN101的报文通过,配置接口的PVID为VLAN100。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd"><HUAWEI> <strong>system-view</strong>
[HUAWEI] <strong>sysname Switch_C</strong>
[Switch_C] <strong>vlan batch 100 101</strong>
[Switch_C] <strong>interface gigabitEthernet 0/0/2</strong>
[Switch_C-GigabitEthernet0/0/2] <strong>port link-type trunk</strong>
[Switch_C-GigabitEthernet0/0/2] <strong>port trunk allow-pass vlan 100 101</strong>
[Switch_C-GigabitEthernet0/0/2] <strong>quit</strong>
[Switch_C] <strong>interface gigabitEthernet 0/0/1</strong>
[Switch_C-GigabitEthernet0/0/1] <strong>port link-type trunk</strong>
[Switch_C-GigabitEthernet0/0/1] <strong>port trunk pvid vlan 100</strong>
[Switch_C-GigabitEthernet0/0/1] <strong>port trunk allow-pass vlan 100 101</strong>
[Switch_C-GigabitEthernet0/0/1] <strong>quit</strong></span></span></span>

    7. 配置地面网络设备AC、Switch_B和Switch_C的二层组播功能,使AC、Switch_B和Switch_C可以正确转发组播数据。

      在AC上使能全局的IGMP Snooping功能。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC] <strong>igmp-snooping enable</strong></span></span></span>

      使能AC的VLAN101的IGMP Snooping功能。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC] <strong>vlan 101</strong>
[AC-vlan101] <strong>igmp-snooping enable</strong>
[AC-vlan101] <strong>quit</strong></span></span></span>

      配置AC的组播组过滤策略。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC] <strong>acl 2000</strong>
[AC-acl-basic-2000] <strong>rule permit source 225.1.1.1 0</strong>
[AC-acl-basic-2000] <strong>rule permit source 225.1.1.2 0</strong>
[AC-acl-basic-2000] <strong>rule permit source 225.1.1.3 0</strong>
[AC-acl-basic-2000] <strong>quit</strong></span></span></span>

      在AC的VLAN101内应用组播组过滤策略。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC] <strong>vlan 101</strong>
[AC-vlan101] <strong>igmp-snooping group-policy 2000</strong>
[AC-vlan101] <strong>quit</strong></span></span></span>

      请参照AC的组播配置过程完成Switch_B和Switch_C的组播配置。

      配置Switch_B和Switch_C的组播快速离开功能。

      如果轨旁AP和交换机直连且组播为二层组播,则可以配置组播快速离开功能,提高组播效率。如果轨旁AP和交换机非直连,或者交换机配置的是三层组播,则不能使能组播快速离开功能,否则会造成组播数据中断等异常。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[Switch_B] <strong>vlan 101</strong>
[Switch_B-vlan101] <strong>igmp-snooping prompt-leave group-policy 2000</strong></span></span></span>
      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[Switch_C] <strong>vlan 101</strong>
[Switch_C-vlan101] <strong>igmp-snooping prompt-leave group-policy 2000</strong></span></span></span>

    8. 配置AP组、国家码和AC的源接口

      创建轨旁AP的AP组"mesh-mpp",用于将相同配置的轨旁AP都加入同一AP组中。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC] <strong>wlan</strong>
[AC-wlan-view] <strong>ap-group name mesh-mpp</strong>
[AC-wlan-ap-group-mesh-mpp] <strong>quit</strong></span></span></span>

      创建域管理模板,在域管理模板下配置AC的国家码并在AP组下引用域管理模板。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC-wlan-view] <strong>regulatory-domain-profile name domain1</strong>
[AC-wlan-regulate-domain-domain1] <strong>country-code cn</strong>
[AC-wlan-regulate-domain-domain1] <strong>quit</strong>
[AC-wlan-view] <strong>ap-group name mesh-mpp</strong>
[AC-wlan-ap-group-mesh-mpp] <strong>regulatory-domain-profile domain1</strong>
Warning: This configuration change will clear the channel and power configurations of radios, and may restart APs. Continue?[Y/N]:<strong id="ZH-CN_TASK_0176929222__zh-cn_task_0175818418_b17491131153716">y</strong>  
[AC-wlan-ap-group-mesh-mpp] <strong>quit</strong>
[AC-wlan-view] <strong>quit</strong></span></span></span>

      配置AC的源接口。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC] <strong id="ZH-CN_TASK_0176929222__zh-cn_task_0176917789_b1007605707190941">capwap source interface vlanif 100</strong></span></span></span>

      将轨旁AP加入到AP组"mesh-mpp"中。

      ap auth-mode 命令缺省情况下为MAC认证,如果之前没有修改其缺省配置,可以不用执行ap auth-mode mac-auth

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC] <strong>wlan</strong>
[AC-wlan-view] <strong>ap auth-mode mac-auth</strong>
[AC-wlan-view] <strong>ap-id 1 ap-mac 00e0-fc59-1d10</strong>
[AC-wlan-ap-1] <strong>ap-name L1_001</strong>
[AC-wlan-ap-1] <strong>ap-group mesh-mpp</strong>
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:<strong id="ZH-CN_TASK_0176929222__zh-cn_task_0175818418_b1651706244190906">y</strong>  
[AC-wlan-ap-1] <strong>quit</strong>
[AC-wlan-view] <strong>ap-id 2 ap-mac 00e0-fc59-1d20</strong>
[AC-wlan-ap-2] <strong>ap-name L1_003</strong>
[AC-wlan-ap-2] <strong>ap-group mesh-mpp</strong>
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:<strong id="ZH-CN_TASK_0176929222__zh-cn_task_0175818418_b1651706244190906_1">y</strong>  
[AC-wlan-ap-2] <strong>quit</strong>
[AC-wlan-view] <strong>ap-id 3 ap-mac 00e0-fc59-1d30</strong>
[AC-wlan-ap-3] <strong>ap-name L1_010</strong>
[AC-wlan-ap-3] <strong>ap-group mesh-mpp</strong>
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:<strong id="ZH-CN_TASK_0176929222__zh-cn_task_0175818418_b1651706244190906_2">y</strong>  
[AC-wlan-ap-3] <strong>quit</strong>
[AC-wlan-view] <strong>ap-id 101 ap-mac 00e0-fc59-1d40</strong>
[AC-wlan-ap-101] <strong>ap-name L1_150</strong>
[AC-wlan-ap-101] <strong>ap-group mesh-mpp</strong>
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:<strong id="ZH-CN_TASK_0176929222__zh-cn_task_0175818418_b1651706244190906_3">y</strong>  
[AC-wlan-ap-101] <strong>quit</strong>
[AC-wlan-view] <strong>ap-id 102 ap-mac 00e0-fc59-1d50</strong>
[AC-wlan-ap-102] <strong>ap-name L1_160</strong>
[AC-wlan-ap-102] <strong>ap-group mesh-mpp</strong>
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:<strong id="ZH-CN_TASK_0176929222__zh-cn_task_0175818418_b1651706244190906_4">y</strong>  
[AC-wlan-ap-102] <strong>quit</strong>
[AC-wlan-view] <strong>ap-id 103 ap-mac 00e0-fc59-1d60</strong>
[AC-wlan-ap-103] <strong>ap-name L1_170</strong>
[AC-wlan-ap-103] <strong>ap-group mesh-mpp</strong>
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:<strong id="ZH-CN_TASK_0176929222__zh-cn_task_0175818418_b1651706244190906_5">y</strong>  
[AC-wlan-ap-103] <strong>quit</strong></span></span></span>

    9. 配置轨旁AP的上行有线口允许携带VLAN101的报文通过。

      配置有线口模板"wired-port",以tagged方式加入VLAN101。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC-wlan-view] <strong>wired-port-profile name wired-port</strong>
[AC-wlan-wired-port-wired-port] <strong>vlan tagged 101</strong>
[AC-wlan-wired-port-wired-port] <strong>quit</strong></span></span></span>

      配置AP组"mesh-mpp"引用有线口模板"wired-port"。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC-wlan-view] <strong>ap-group name mesh-mpp</strong>
[AC-wlan-ap-group-mesh-mpp] <strong>wired-port-profile wired-port gigabitethernet 0</strong>
[AC-wlan-ap-group-mesh-mpp] <strong>quit</strong></span></span></span>

    10. 配置Mesh参数

      创建名称为whitelist01的Mesh白名单,并将车载AP的MAC地址添加Mesh白名单中。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC-wlan-view] <strong>mesh-whitelist name whitelist01</strong>
[AC-wlan-mesh-whitelist-whitelist01] <strong>peer-ap mac 00e0-fc59-2e10</strong>
[AC-wlan-mesh-whitelist-whitelist01] <strong>peer-ap mac 00e0-fc59-2e20</strong>
[AC-wlan-mesh-whitelist-whitelist01] <strong>quit</strong></span></span></span>

      请参照以上配置步骤将其他列车的车载AP的MAC地址加入Mesh白名单whitelist01中。

      配置Mesh链路使用的安全模板"sp01",Mesh仅支持WPA2+PSK+AES的安全策略。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC-wlan-view] <strong>security-profile name sp01</strong>
[AC-wlan-sec-prof-sp01] <strong>security wpa2 psk pass-phrase YsHsjx_202206 aes</strong>
[AC-wlan-sec-prof-sp01] <strong>quit</strong></span></span></span>

      配置Mesh角色。配置轨旁的Mesh角色为"mesh-portal",Mesh角色是通过AP系统模板配置的。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC-wlan-view] <strong>ap-system-profile name mesh-sys</strong>
[AC-wlan-ap-system-prof-mesh-sys] <strong>mesh-role mesh-portal</strong>
[AC-wlan-ap-system-prof-mesh-sys] <strong>quit</strong></span></span></span>

      配置Mesh快切模板"hand-over",并使能基于位置信息的快切算法。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC-wlan-view] <strong>mesh-handover-profile name hand-over</strong>
[AC-wlan-mesh-handover-hand-over] <strong>location-based-algorithm enable</strong>
[AC-wlan-mesh-handover-hand-over] <strong>quit</strong></span></span></span>

      配置Mesh模板。配置Mesh网络的ID为"mesh-net",并引用安全模板和Mesh快切模板。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC-wlan-view] <strong>mesh-profile name mesh-net</strong>
[AC-wlan-mesh-prof-mesh-net] <strong>mesh-id mesh-net</strong>
[AC-wlan-mesh-prof-mesh-net] <strong>security-profile sp01</strong>
[AC-wlan-mesh-prof-mesh-net] <strong>mesh-handover-profile hand-over</strong>
[AC-wlan-mesh-prof-mesh-net] <strong>quit</strong></span></span></span>

    11. 配置Mesh参数在轨旁AP射频上生效

      配置轨旁AP使用的射频和信道,并引用Mesh白名单、Mesh模板和AP系统模板。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC-wlan-view] <strong>ap-group name mesh-mpp</strong>
[AC-wlan-ap-group-mesh-mpp] <strong>ap-system-profile mesh-sys</strong>
Warning: This action may cause service interruption. Continue?[Y/N]<strong>y</strong>
[AC-wlan-ap-group-mesh-mpp] <strong>radio 1</strong>
[AC-wlan-group-radio-mesh-mpp/1] <strong>channel 40mhz-plus 157</strong>
Warning: This action may cause service interruption. Continue?[Y/N]<strong id="ZH-CN_TASK_0176929222__zh-cn_task_0175818418_b1384307436190906">y</strong> 
[AC-wlan-group-radio-mesh-mpp/1] <strong>mesh-whitelist-profile whitelist01</strong>
[AC-wlan-group-radio-mesh-mpp/1] <strong>mesh-profile mesh-net</strong>
[AC-wlan-group-radio-mesh-mpp/1] <strong>quit</strong>
[AC-wlan-ap-group-mesh-mpp] <strong>quit</strong></span></span></span>

  • 配置车载网络设备

    本例给出车载AP(车头)的详细配置步骤,车载AP(车尾)的配置请参照车头车载AP的配置步骤进行配置。

    1. 在车载AP上创建VLAN101,并配置车载AP的接口GE0/0/0允许VLAN101的报文通过,且其PVID也为VLAN101。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd"><Huawei> <strong>system-view</strong>
<Huawei> <strong>sysname AP</strong>
[AP] <strong>vlan batch 101</strong>
[AP] <strong>interface gigabitethernet 0/0/0</strong>
[AP-GigabitEthernet0/0/0] <strong>port link-type trunk</strong>
[AP-GigabitEthernet0/0/0] <strong>port trunk pvid vlan 101</strong>
[AP-GigabitEthernet0/0/0] <strong>port trunk allow-pass vlan 101</strong>
[AP-GigabitEthernet0/0/0] <strong>quit</strong></span></span></span>

    2. 配置车载AP与轨旁AP之间车地通信快速切换的参数。

      配置Mesh链路使用的安全模板"sp01","sp01"的安全策略为WPA2+PSK+AES。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AP] <strong>wlan</strong>
[AP-wlan-view] <strong>security-profile name sp01</strong>
[AP-wlan-sec-prof-sp01] <strong>security wpa2 psk pass-phrase YsH_2022 aes</strong>  //psk需要与轨旁AP的保持一致
[AP-wlan-sec-prof-sp01] <strong>quit</strong></span></span></span>

      配置Mesh快切模板"hand-over",并使能基于位置信息的快切算法,算法方向参数配置为"forward"。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AP-wlan-view] <strong>mesh-handover-profile name hand-over</strong>
[AP-wlan-mesh-handover-hand-over] <strong>location-based-algorithm enable moving-direction forward </strong>
[AP-wlan-mesh-handover-hand-over] <strong>quit</strong></span></span></span>

      本例中车尾的车载AP需配置车载AP运行方向为backward

      配置Mesh模板。配置Mesh网络的ID为"mesh-net",并引用安全模板和Mesh快切模板。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AP-wlan-view] <strong>mesh-profile name mesh-net</strong>
[AP-wlan-mesh-prof-mesh-net] <strong>mesh-id mesh-net</strong>
[AP-wlan-mesh-prof-mesh-net] <strong>security-profile sp01</strong>
[AP-wlan-mesh-prof-mesh-net] <strong>mesh-handover-profile hand-over</strong>
[AP-wlan-mesh-prof-mesh-net] <strong>quit</strong></span></span></span>

    3. 配置车载AP与车辆段AP之间的Mesh参数

      配置Mesh模板。配置Mesh网络的ID为"mesh-net",引用安全模板并开启Mesh客户端模式。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AP-wlan-view] <strong>mesh-profile name mesh-client</strong>
[AP-wlan-mesh-prof-mesh-client] <strong>mesh-id mesh-net</strong>
[AP-wlan-mesh-prof-mesh-client] <strong>security-profile sp01</strong>
[AP-wlan-mesh-prof-mesh-client] <strong>client-mode enable</strong>
[AP-wlan-mesh-prof-mesh-client] <strong>quit</strong>
[AP-wlan-view] <strong>quit</strong></span></span></span>

    4. 配置Mesh参数在车载AP射频上生效

      配置车载AP使用的射频和信道,并引用Mesh模板。

      • V200R019C00及之前版本:

        screen 复制代码 
        <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AP] <strong>interface wlan-radio 0/0/1</strong>
[AP-Wlan-Radio0/0/1] <strong>channel 40mhz-plus 157 </strong>
[AP-Wlan-Radio0/0/1] <strong>mesh-profile mesh-net</strong>
[AP-Wlan-Radio0/0/1] <strong>quit</strong></span></span></span>

      • V200R019C10及之后版本:

        screen 复制代码 
        <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AP] <strong>wlan</strong>
[AP-wlan-view] <strong>ap-id 0</strong>
[AP-wlan-ap-0] <strong>radio 1</strong>
[AP-wlan-radio-0/1] <strong>calibrate auto-channel-select disable</strong>
[AP-wlan-radio-0/1] <strong>calibrate auto-txpower-select disable</strong>
[AP-wlan-radio-0/1] <strong>channel 40mhz-plus 157 </strong>
[AP-wlan-radio-0/1] <strong>mesh-profile mesh-net index 0</strong>
[AP-wlan-radio-0/1] <strong>mesh-profile mesh-client index 1</strong>
[AP-wlan-radio-0/1] <strong>quit</strong>
[AP-wlan-ap-0] <strong>quit</strong></span></span></span>

      请参照车载AP的射频1的配置步骤完成其他车载AP的配置,为其他车载AP创建Mesh型VAP。

    5. 在车载AP上添加被代理设备。

      添加被代理地面设备。将网关Switch_A、网管用户和组播源的MAC地址作为被代理地面设备在车载AP上添加。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AP-wlan-view] <strong>mesh-proxy trackside-equip mac-address 707b-e8e9-d328 vlan 101</strong>
[AP-wlan-view] <strong>mesh-proxy trackside-equip mac-address 286e-d488-12cd vlan 101</strong>
[AP-wlan-view] <strong>mesh-proxy trackside-equip mac-address 286e-d488-b6ab vlan 101</strong></span></span></span>

      添加被代理车载设备。将车载终端的MAC地址作为被代理车载设备在车载AP上添加。

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AP-wlan-view] <strong>mesh-proxy onboard-equip mac-address 286e-d488-d359 vlan 101</strong>
[AP-wlan-view] <strong>mesh-proxy onboard-equip mac-address 286e-d488-d270 vlan 101</strong>
[AP-wlan-view] <strong>quit</strong></span></span></span>

    6. 配置车载AP的IGMP Snooping功能。

      • V200R020C00及之前版本:

        screen 复制代码 
        <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AP] <strong>igmp-snooping enable</strong>
[AP] <strong>vlan 101</strong>
[AP-vlan101] <strong>igmp-snooping enable</strong>
[AP-vlan101] <strong>quit</strong>
[AP] <strong>quit</strong></span></span></span>

      • V200R020C10及之后版本:

        screen 复制代码 
        <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AP] <strong>wlan</strong>
[AP-wlan-view] <strong>wired-port-profile name wlan-wired</strong>
[AP-wlan-wired-port-wlan-wired] <strong>igmp-snooping enable</strong>
[AP-wlan-wired-port-wlan-wired] <strong>quit</strong>
[AP-wlan-view] <strong>ap-id 0</strong>
[AP-wlan-ap-0] <strong>wired-port-profile wlan-wired gigabitethernet 0</strong>
[AP-wlan-ap-0] <strong>quit</strong>
[AP-wlan-view] <strong>quit</strong>
[AP] <strong>quit</strong></span></span></span>

  • 验证配置结果

    完成车地通信快速切换的业务部署后,在AC上通过执行命令display wlan mesh link all,可以查看轨旁AP和车载AP建立的Mesh链接。

    screen 复制代码 
    <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd"><AC> <strong>display wlan mesh link all</strong>
Rf   : radio ID             Dis  : coverage distance(100m)
Ch   : channel              Per  : drop percent(%)
TSNR : total SNR(dB)        P-   : peer
Mesh : Mesh mode            Re   : retry ratio(%)
RSSI : RSSI(dBm)            MaxR : max RSSI(dBm)
----------------------------------------------------------------------------------------------------------------------------------
APName          P-APName        P-APMAC         Rf Dis   Ch      Mesh    P-Status        RSSI  MaxR  Per  Re   TSNR  SNR(Ch0~3:dB)
Tx(Mbps)    Rx(Mbps)
----------------------------------------------------------------------------------------------------------------------------------
L1_001          AP              00e0-fc59-2e10  1  3     157     portal  -               -51   -38   0    0    47    39/47/-/-
192         192  
L1_003          AP              00e0-fc59-2e10  1  3     157     portal  -               -59   -7    0    0    50    19/14/37/-
192         192  
L1_010          AP              00e0-fc59-2e10  1  3     157     portal  -               -45   -33   0    0    37    20/17/17/-
192         192  
L1_150          AP              00e0-fc59-2e10  1  3     157     portal  -               -54   -39   0    0    46    34/43/-/-
192         192  
L1_160          AP              00e0-fc59-2e10  1  3     157     portal  -               -52   -7    0    0    32    21/18/35/-
192         192  
L1_170          AP              00e0-fc59-2e10  1  3     157     portal  -               -42   -33   0    0    29    26/14/19/-
192         192  
----------------------------------------------------------------------------------------------------------------------------------
Total: 6</span></span></span>

    完成车地通信快速切换的业务部署后,在AC上通过执行命令display mesh-neighbor-rssi,可以查看轨旁AP的场强收集结果。

    screen 复制代码 
    <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">[AC-wlan-view] <strong>display mesh-neighbor-rssi</strong>
AP name/MAC/Radio/Location-ID  Neighbor AP/MAC/Location-ID  RSSI  Update Time   
------------------------------------------------------------------------------  
L1_001/00e0-fc59-1d10/1/1        -/00e0-fc3f-e900/-           -44   18:08:21    
L1_003/00e0-fc59-1d20/1/3        -/00e0-fc3f-e900/-           -50   18:08:20    
L1_010/00e0-fc59-1d30/1/10       -/00e0-fc3f-e900/-           -28   18:08:21    
L1_150/00e0-fc59-1d40/1/150      -/00e0-fc59-2e10/-           -43   18:08:20    
L1_160/00e0-fc59-1d50/1/160      -/00e0-fc59-2e10/-           -47   18:08:21    
L1_170/00e0-fc59-1d60/1/170      -/00e0-fc59-2e10/-           -38   18:08:21    
------------------------------------------------------------------------------  
Total: 6</span></span></span>
配置文件

  • 地面网络设备

    • Router的配置文件

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">#
sysname Router
#
interface GigabitEthernet1/0/0
 ip address 10.23.200.1 255.255.255.0
#
ip route-static 10.23.100.0 255.255.240.0 10.23.200.2
ip route-static 10.23.224.0 255.255.240.0 10.23.200.2
#
return
</span></span></span>

    • Switch_B的配置文件

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">#
sysname Switch_B
#
 vlan batch 100 to 101
#
igmp-snooping enable
#
vlan 101
 igmp-snooping enable
 igmp-snooping group-policy 2000
 igmp-snooping prompt-leave group-policy 2000
#
acl number 2000
 rule 5 permit source 225.1.1.1 0
 rule 10 permit source 225.1.1.2 0
 rule 15 permit source 225.1.1.3 0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 101
#
return
</span></span></span>

    • Switch_C的配置文件

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">#
sysname Switch_C
#
 vlan batch 100 to 101
#
igmp-snooping enable
#
vlan 101
 igmp-snooping enable
 igmp-snooping group-policy 2000
 igmp-snooping prompt-leave group-policy 2000
#
acl number 2000
 rule 5 permit source 225.1.1.1 0
 rule 10 permit source 225.1.1.2 0
 rule 15 permit source 225.1.1.3 0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 101
#
return
</span></span></span>

    • AC的配置文件

      screen 复制代码 
      <span style="color:#333333"><span style="background-color:#ffffff"><span style="background-color:#dddddd">#
sysname AC
#
vlan batch 100 to 101 200
#
igmp-snooping enable
#
dhcp enable
#
acl number 2000
 rule 5 permit source 225.1.1.1 0
 rule 10 permit source 225.1.1.2 0
 rule 15 permit source 225.1.1.3 0
#
vlan 101
 igmp-snooping enable
 igmp-snooping group-policy 2000
#
interface Vlanif100
 ip address 10.23.100.1 255.255.240.0
 dhcp select interface
#
interface Vlanif101
 ip address 10.23.224.1 255.255.240.0
 dhcp select interface
 dhcp server excluded-ip-address 10.23.224.2 10.23.224.3
#
interface Vlanif200
 ip address 10.23.200.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk pvid vlan 101
 port trunk allow-pass vlan 101
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk pvid vlan 101
 port trunk allow-pass vlan 101
#
interface GigabitEthernet0/0/5
 port link-type trunk
 port trunk pvid vlan 200
 port trunk allow-pass vlan 200
#
ip route-static 0.0.0.0 0.0.0.0 10.23.200.1
#
capwap source interface vlanif100
#
wlan
 security-profile name sp01
  security wpa2 psk pass-phrase %^%#g^Rs#om$z!uIXX;5P9W.#&g;"F4a6[$CJ$w2s]bhH%^%# aes
 mesh-handover-profile name hand-over
  location-based-algorithm enable
 mesh-whitelist-profile name whitelist01
  peer-ap mac 00e0-fc59-2e10
  peer-ap mac 00e0-fc59-2e20
 mesh-profile name mesh-net
  mesh-handover-profile hand-over
  security-profile sp01
  mesh-id mesh-net
 regulatory-domain-profile name domain1
 ap-system-profile name mesh-sys
  mesh-role mesh-portal
 wired-port-profile name wired-port
  vlan tagged 101
 ap-group name mesh-mpp
  ap-system-profile mesh-sys
  wired-port-profile wired-port gigabitethernet 0
  regulatory-domain-profile domain1
  radio 1
   mesh-profile mesh-net
   mesh-whitelist-profile whitelist01
   channel 40mhz-plus 157
 ap-id 1 ap-mac 00e0-fc59-1d10
  ap-name L1_001
  ap-group mesh-mpp
 ap-id 2 ap-mac 00e0-fc59-1d20
  ap-name L1_003
  ap-group mesh-mpp
 ap-id 3 ap-mac 00e0-fc59-1d30
  ap-name L1_010
  ap-group mesh-mpp
 ap-id 101 ap-mac 00e0-fc59-1d40
  ap-name L1_150
  ap-group mesh-mpp
 ap-id 102 ap-mac 00e0-fc59-1d50
  ap-name L1_160
  ap-group mesh-mpp
 ap-id 103 ap-mac 00e0-fc59-1d60
  ap-name L1_170
  ap-group mesh-mpp
#
return</span></span></span>

  • 车载网络设备

相关推荐
ServBay7 小时前
垃圾堆里编码?真的不要怪 PHP 不行
后端·php
用户9623779544810 小时前
CTF 伪协议
php
BingoGo3 天前
当你的 PHP 应用的 API 没有限流时会发生什么?
后端·php
JaguarJack3 天前
当你的 PHP 应用的 API 没有限流时会发生什么?
后端·php·服务端
BingoGo4 天前
OpenSwoole 26.2.0 发布:支持 PHP 8.5、io_uring 后端及协程调试改进
后端·php
JaguarJack4 天前
OpenSwoole 26.2.0 发布:支持 PHP 8.5、io_uring 后端及协程调试改进
后端·php·服务端
JaguarJack5 天前
推荐 PHP 属性(Attributes) 简洁读取 API 扩展包
后端·php·服务端
BingoGo5 天前
推荐 PHP 属性(Attributes) 简洁读取 API 扩展包
php
JaguarJack6 天前
告别 Laravel 缓慢的 Blade!Livewire Blaze 来了,为你的 Laravel 性能提速
后端·php·laravel
郑州光合科技余经理6 天前
代码展示:PHP搭建海外版外卖系统源码解析
java·开发语言·前端·后端·系统架构·uni-app·php
热门推荐
01GitHub 镜像站点02OpenClaw 使用和管理 MCP 完全指南03OpenClaw + 飞书(Feishu)环境搭建指南04Claude Code + GLM4.7 避坑指南:解决 Unable to connect to Anthropic services05OpenClaw优化飞书API 额度已耗尽问题06小黑课堂计算机二级WPSoffice题库软件下载安装教程(2026年3月最新版)07Window 10部署openclaw报错node.exe : npm error code 12808Clawdbot部署教程:解决‘gateway token missing’授权问题的完整步骤09本地部署 OpenClaw + DeepSeek-R1 完全指南10网站改了域名,如何查找?