配置要求
1.两台核心交换机部署VSU,Domain ID为1,S1的Switch ID为1,优先级为150,设备描述为VSU-S1;S2的Switch ID为2,优先级为120,设备描述为VSU-S2;两台设备的G0/48口用于BFD双机检测。
2.两台AC部署VAC,Domain ID为1,AC1的Device ID为1,优先级为150,设备描述为VAC-AC1;AC2的Device ID为2,优先级为120,设备描述为VAC-AC2;两台设备的G0/8口用于BFD双机检测。
3.所有业务端口均使用LACP动态聚合
4.AP及用户的DHCP网关部署在VSU上,地址自行规划
5.无线SSID为Ruijie-Test,密码为12345678,加密方式为WPA2。
网络拓扑
接口规划
| 设备名称 | 端口 | 端口描述或名称 | IP地址或端口规划 | 对端设备 |
|---|---|---|---|---|
| S1 | Te0/49 | VSU | - | S2 |
| S1 | Te0/50 | VSU | - | S2 |
| S1 | G0/48 | BFD | - | S2 |
| S1 | G0/1 | Connect_To_AC1 | VLAN10 | AC1 |
| S1 | G0/2 | Connect_To_AC1 | AG1 | AC1 |
| S1 | G0/3 | Connect_To_AC2 | AG1 | AC2 |
| S1 | G0/4 | Connect_To_S3 | AG2 | S3 |
| S1 | VLAN10 | VAC | G0/1 | - |
| S1 | VLAN20 | Wireless_AP_Manage | 192.168.20.254/24 | - |
| S1 | VLAN30 | Wireless_User | 192.168.30.254/24 | - |
| S1 | VLAN100 | Manage | 192.168.100.254/24 | - |
| S1 | AG1 | Connect_To_VAC | Trunk | - |
| S1 | AG2 | Connect_To_S3 | Trunk | - |
| S2 | Te0/49 | VSU | - | S1 |
| S2 | Te0/50 | VSU | - | S1 |
| S2 | G0/48 | BFD | - | S1 |
| S2 | G0/1 | Connect_To_AC2 | VLAN10 | AC2 |
| S2 | G0/2 | Connect_To_AC2 | AG1 | AC2 |
| S2 | G0/3 | Connect_To_AC1 | AG1 | AC1 |
| S2 | G0/4 | Connect_To_S3 | AG2 | S3 |
| S2 | VLAN10 | VAC | G0/1 | - |
| S2 | VLAN20 | Wireless_AP_Manage | 192.168.20.254/24 | - |
| S2 | VLAN30 | Wireless_User | 192.168.30.254/24 | - |
| S2 | VLAN100 | Manage | 192.168.100.254/24 | - |
| S2 | AG1 | Connect_To_VAC | Trunk | - |
| S2 | AG2 | Connect_To_S3 | Trunk | - |
| S3 | G0/23 | Connect_To_S1 | AG1 | S1 |
| S3 | G0/24 | Connect_To_S2 | AG1 | S2 |
| S3 | G0/1 | Connect_To_AP | Trunk | AP |
| S3 | G0/2 | Connect_To_AP | Trunk | AP |
| S3 | G0/3 | Connect_To_AP | Trunk | AP |
| S3 | AG2 | Connect_To_VSU | Trunk | VSU |
| AC1 | G0/1 | VAC_Connect_To_S1 | - | S1 |
| AC1 | G0/8 | BFD | - | AC2 |
| AC1 | G0/2 | Connect_To_S1 | AG1 | S1 |
| AC1 | G0/3 | Connect_To_S2 | AG1 | S2 |
| AC1 | VLAN100 | CAPWAP-Manage | 192.168.100.253/24 | - |
| AC1 | AG1 | Connect_To_VSU | Trunk | VSU |
| AC2 | G0/1 | VAC_Connect_To_S2 | - | S2 |
| AC2 | G0/8 | BFD | - | AC1 |
| AC2 | G0/2 | Connect_To_S2 | AG1 | S2 |
| AC2 | G0/3 | Connect_To_S1 | AG1 | S1 |
| AC2 | VLAN100 | CAPWAP-Manage | 192.168.100.253/24 | - |
| AC2 | AG1 | Connect_To_VSU | Trunk | VSU |
配置过程
1.完成VSU配置
S1
XML
Ruijie>enable
Ruijie#configure
Ruijie(config)#switch virtual domain 1
Ruijie(config-vs-domain)#switch 1
Ruijie(config-vs-domain)#switch 1 priority 150
Ruijie(config-vs-domain)#switch 1 description VSU-S1
Ruijie(config-vs-domain)#exit
Ruijie(config)#vsl-port
Ruijie(config-vsl-port)#port-member interface tenGigabitEthernet 0/49
Ruijie(config-vsl-port)#port-member interface tenGigabitEthernet 0/50
Ruijie(config-vsl-port)#end
Ruijie#switch convert mode virtual
Convert mode will backup and delete config file, and reload the switch. Are you sure to continue[yes/no]:y
% It is preparing for restarting device, please wait a moment.S2
XML
S2配置:
Ruijie>enable
Ruijie#configure
Ruijie(config)#switch virtual domain 1
Ruijie(config-vs-domain)#switch 2
Ruijie(config-vs-domain)#switch 2 priority 120
Ruijie(config-vs-domain)#switch 2 description VSU-S2
Ruijie(config-vs-domain)#exit
Ruijie(config)#vsl-port
Ruijie(config-vsl-port)#port-member interface tenGigabitEthernet 0/49
Ruijie(config-vsl-port)#port-member interface tenGigabitEthernet 0/50
Ruijie(config-vsl-port)#end
Ruijie#switch convert mode virtual
Convert mode will backup and delete config file, and reload the switch. Are you sure to continue[yes/no]:y
% It is preparing for restarting device, please wait a moment.2.VSU配置成功后,配置BFD双机检测
XML
Ruijie>enable
Ruijie#configure
Ruijie(config)#hostname VSU
VSU(config)#interface range gigabitEthernet 1/0/48,2/0/48
VSU(config-if-range)#no switchport
VSU(config-if-range)#exit
VSU(config)#switch virtual domain 1
VSU(config-vs-domain)#dual-active detection bfd
VSU(config-vs-domain)#dual-active bfd interface gigabitEthernet 1/0/48
VSU(config-vs-domain)#dual-active bfd interface gigabitEthernet 2/0/48
VSU(config-vs-domain)#end
VSU#3.在VSU上为VAC做准备配置
XML
VSU#configure
VSU(config)#vlan 10
VSU(config-vlan)#name VAC
VSU(config-vlan)#exit
VSU(config)#interface vlAN 10
VSU(config-if-VLAN 10)#mtu 9216
VSU(config-if-VLAN 10)#exit
VSU(config)#interface range gigabitEthernet 1/0/1,2/0/1
VSU(config-if-range)#switchport access vlan 10
VSU(config-if-range)#mtu 9216
VSU(config-if-range)#end
VSU#4.完成VAC配置
AC1
XML
Ruijie>enable
Ruijie#configure
Ruijie(config)#virtual-ac domain 1
Ruijie(config-vac-domain)#device 1
Ruijie(config-vac-domain)#device 1 priority 150
Ruijie(config-vac-domain)#device 1 description VAC-AC1
Ruijie(config-vac-domain)#exit
Ruijie(config)#vac-port
Ruijie(config-vac-port)#port-member interface gigabitEthernet 0/1 copper
Ruijie(config-vac-port)#end
Ruijie#device convert mode virtual
Convert mode will backup and delete config file, and reload the switch. Are you sure to continue[yes/no]:y
% It is preparing for restarting device, please wait a moment.AC2
XML
Ruijie>enable
Ruijie#configure
Ruijie(config)#virtual-ac domain 1
Ruijie(config-vac-domain)#device 2
Ruijie(config-vac-domain)#device 2 priority 120
Ruijie(config-vac-domain)#device 2 description VAC-AC2
Ruijie(config-vac-domain)#exit
Ruijie(config)#vac-port
Ruijie(config-vac-port)#port-member interface gigabitEthernet 0/1 copper
Ruijie(config-vac-port)#end
Ruijie#device convert mode virtual
Convert mode will backup and delete config file, and reload the switch. Are you sure to continue[yes/no]:y
% It is preparing for restarting device, please wait a moment.5.VAC配置成功后,配置BFD双机检测
XML
Ruijie>enable
Ruijie#configure
Ruijie(config)#hostname VAC
VAC(config)#interface range gigabitEthernet 1/0/8,2/0/8
VAC(config-if-range)#no switchport
VAC(config-if-range)#exit
VAC(config)#virtual-ac domain 1
VAC(config-vac-domain)#dual-active detection bfd
VAC(config-vac-domain)#dual-active bfd interface gigabitEthernet 1/0/8
VAC(config-vac-domain)#dual-active bfd interface gigabitEthernet 2/0/8
VAC(config-vac-domain)#end
VAC#6.配置设备的端口和IP地址
VSU
XML
VSU#configure
VSU(config)#interface range gigabitEthernet 1/0/2-3,2/0/2-3
VSU(config-if-range)#port-group 1 mode active
VSU(config-if-range)#exit
VSU(config)#interface aggregatePort 1
VSU(config-if-AggregatePort 1)#switchport mode trunk
VSU(config-if-AggregatePort 1)#switchport trunk allowed vlan only 20,30,100
VSU(config-if-AggregatePort 1)#exit
VSU(config)#interface range gigabitEthernet 1/0/4,2/0/4
VSU(config-if-range)#port-group 2 mode active
VSU(config-if-range)#exit
VSU(config)#interface aggregatePort 2
VSU(config-if-AggregatePort 2)#switchport mode trunk
VSU(config-if-AggregatePort 2)#switchport trunk allowed vlan only 20,30
VSU(config-if-AggregatePort 2)#exit
VSU(config)#vlan 20
VSU(config-vlan)#name Wireless_AP_Magage
VSU(config-vlan)#exit
VSU(config)#vlan 30
VSU(config-vlan)#name Wireless_User
VSU(config-vlan)#exit
VSU(config)#vlan 100
VSU(config-vlan)#name Manage
VSU(config-vlan)#exit
VSU(config)#interface vlAN 20
VSU(config-if-VLAN 20)#ip address 192.168.20.254 24
VSU(config-if-VLAN 20)#exit
VSU(config)#interface vlAN 30
VSU(config-if-VLAN 30)#ip address 192.168.30.254 24
VSU(config-if-VLAN 30)#exit
VSU(config)#interface vlAN 100
VSU(config-if-VLAN 100)#ip address 192.168.100.254 24
VSU(config-if-VLAN 100)#end
VSU#VAC
XML
VAC#configure
VAC(config)#interface range gigabitEthernet 1/0/2-3,2/0/2-3
VAC(config-if-range)#port-group 1 mode active
VAC(config-if-range)#exit
VAC(config)#interface aggregatePort 1
VAC(config-if-AggregatePort 1)#switchport mode trunk
VAC(config-if-AggregatePort 1)#switchport trunk allowed vlan only 20,30,100
VAC(config-if-AggregatePort 1)#exit
VAC(config)#vlan 20
VAC(config-vlan)#name Wireless_AP_Manage
VAC(config-vlan)#exit
VAC(config)#vlan 100
VAC(config-vlan)#name Manage
VAC(config-vlan)#exit
VAC(config)#interface vlAN 20
VAC(config-if-VLAN 20)#ip address 192.168.20.253 24
VAC(config)#interface vlAN 100
VAC(config-if-VLAN 100)#ip address 192.168.100.253 24
VAC(config-if-VLAN 100)#end
VAC#S3
XML
Ruijie>enable
Ruijie#configure
Ruijie(config)#hostname S3
S3(config)#interface range gigabitEthernet 0/23-24
S3(config-if-range)#port-group 2 mode active
S3(config-if-range)#exit
S3(config)#interface aggregatePort 2
S3(config-if-AggregatePort 2)#switchport mode trunk
S3(config-if-AggregatePort 2)#switchport trunk allowed vlan only 20,30
S3(config-if-AggregatePort 2)#exit
S3(config)#interface range gigabitEthernet 0/1-3
S3(config-if-range)#switchport mode trunk
S3(config-if-range)#switchport trunk allowed vlan only 20,30
S3(config-if-range)#switchport trunk native vlan 20
S3(config-if-range)#exit
S3(config)#vlan range 20,30
S3(config-vlan-range)#end
S3#7.配置无线功能
VSU配置DHCP
XML
VSU#configure
VSU(config)#ip dhcp pool AP
VSU(dhcp-config)#network 192.168.20.0 255.255.255.0
VSU(dhcp-config)#default-router 192.168.20.254
VSU(dhcp-config)#option 138 ip 192.168.20.253
VSU(dhcp-config)#lease 1 0 0
VSU(dhcp-config)#exit
VSU(config)#ip dhcp pool User
VSU(dhcp-config)#network 192.168.30.0 255.255.255.0
VSU(dhcp-config)#default-router 192.168.30.254
VSU(dhcp-config)#lease 0 8 0
VSU(dhcp-config)#exit
VSU(config)#service dhcp
VSU(config)#end
VSU#AC配置
XML
VAC#configure
VAC(config)#ac-controller
VAC(config-ac)#capwap ctrl-ip 192.168.20.253
VAC(config-ac)#exit
VAC(config)#ip route 0.0.0.0 0.0.0.0 192.168.100.254
VAC(config)#wlan-config 1 Ruijie-Test
VAC(config-wlan)#exit
VAC(config)#wlansec 1
VAC(config-wlansec)#security rsn enable
VAC(config-wlansec)#security rsn ciphers aes enable
VAC(config-wlansec)#security rsn akm psk enable
VAC(config-wlansec)#security rsn akm psk set-key ascii 12345678
VAC(config-wlansec)#exit
VAC(config)#ap-group default
VAC(config-group)#interface-mapping 1 30
VAC(config-group)#end
VAC#结果验证
VSU
VAC
S3
