无线客户端保活和空闲检测典型配置举例

无线客户端保活和空闲检测典型配置举例Copyright 2014 杭州华三通信技术有限公司 版权所有，保留一切权利。非经本公司书面许可，任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部，并不得以任何形式传播。本文档中的信息可能变动，恕不另行通知。目 录1 简介12 配置前提13 配置举例13.1 组网需求13.2 配置思路13.3 配置注意事项13.4 配置步骤23.4.1 AC的配置23.4.2 Switch的配置33.5 验证配置43.6 配置文件84 相关资料9i1 简介本文介绍了使用无线客户端保活与空闲检测功能的典型配置举例。2 配置前提本文档不严格与具体软、硬件版本对应，如果使用过程中与产品实际情况有差异，请参考相关产品手册，或以设备实际情况为准。本文档中的配置均是在实验室环境下进行的配置和验证，配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置，为了保证配置效果，请确认现有配置和以下举例中的配置不冲突。本文档假设您已了解WLAN的客户端保活机制和空闲检测机制的特性。3 配置举例3.1 组网需求如Error! Reference source not found.所示，AC通过Switch连接AP和DHCP服务器，DHCP服务器分别为Client和AP提供IP地址。为了实现及时释放AC的客户端列表中失效的客户端信息，现要求：配置WLAN的客户端保活机制和空闲检测机制，设置Client的保活时间间隔为3秒，最大空闲时间为60秒。图1 无线客户端保活与空闲检测功能组网图3.2 配置思路为实现及时释放AC的客户端表项中失效的客户端信息的功能，需要在AC的服务模板下配置无线客户端的保活时间间隔和最大空闲时间。3.3 配置注意事项 为了能够在AC上显示上线Client的IP地址，需要在AC上开启ARP Snooping功能。 配置AP的序列号时请确保该序列号与AP唯一对应，AP的序列号可以通过AP设备背面的标签获取。3.4 配置步骤3.4.1 AC的配置(1) 配置AC接口# 创建VLAN 100及其对应的VLAN接口，并为该接口配置IP地址。AC将使用该接口的IP地址与AP建立LWAPP隧道。 system-viewAC vlan 100AC-vlan100 quitAC interface vlan-interface 100AC-Vlan-interface100 ip address 128.100.1.180 16AC-Vlan-interface100 quit# 创建VLAN 200作为WLAN-ESS接口的缺省VLAN。AC vlan 200AC-vlan200 quit# 创建VLAN 300作为Client接入的业务VLAN，配置VLAN 300的接口IP地址。AC vlan 300AC-vlan200 quitAC interface vlan-interface 300AC-Vlan-interface300 ip address 128.30.1.180 16AC-Vlan-interface300 quit# 配置AC连接Switch的接口GigabitEthernet1/0/1为Trunk类型，禁止VLAN 1报文通过，允许VLAN 100和VLAN 300通过，设置PVID为VLAN 100。AC interface gigabitethernet 1/0/1AC-GigabitEthernet1/0/1 port link-type trunkAC-GigabitEthernet1/0/1 undo port trunk permit vlan 1AC-GigabitEthernet1/0/1 port trunk permit vlan 100 300AC-GigabitEthernet1/0/1 port trunk pvid vlan 100AC-GigabitEthernet1/0/1 quit# 创建WLAN-ESS 1接口。AC interface wlan-ess 1# 配置WLAN-ESS 1接口类型为Hybrid类型。AC-WLAN-ESS1 port link-type hybrid# 配置当前hybrid端口的PVID为VLAN 200，禁止VLAN 1通过并允许VLAN 200不带tag通过。AC-WLAN-ESS1 undo port hybrid vlan 1AC-WLAN-ESS1 port hybrid vlan 200 untaggedAC-WLAN-ESS1 port hybrid pvid vlan 200# 使能MAC VLAN功能。AC-WLAN-ESS1 mac-vlan enableAC-WLAN-ESS1 quit(2) 配置无线服务# 创建clear类型的服务模板1。AC wlan service-template 1 clear# 设置当前服务模板的SSID为service。AC-wlan-st-1 ssid service# 将WLAN-ESS1接口绑定到服务模板1。AC-wlan-st-1 bind wlan-ess 1# 启用无线服务。AC-wlan-st-1 service-template enableAC-wlan-st-1 quit(3) 配置射频接口并绑定服务模板# 创建AP的管理模板，名称为officeap，型号名称选择WA2620E-AGN。AC wlan ap officeap model WA2620E-AGN# 设置officeap的序列号为A29G007C。AC-wlan-ap-officeap serial-id A29G007C# 进入radio 2射频视图。AC-wlan-ap-officeap radio 2# 将在AC上配置的clear类型的服务模板1与射频2进行绑定，设置绑定到射频接口的VLAN编号为VLAN 300。AC-wlan-ap-officeap-radio-2 service-template 1 vlan-id 300# 使能officeap的radio 2。AC-wlan-ap-officeap-radio-2 radio enableAC-wlan-ap-officeap-radio-2 quit(4) 配置无线客户端的保活机制和空闲检测机制# 设置无线客户端的保活时间间隔为3秒。AC-wlan-ap-officeap client keep-alive 3# 设置无线客户端最大空闲时间为60秒。AC-wlan-ap-officeap client idle-timeout 60AC-wlan-ap-officeap quit(5) 开启ARP Snooping功能AC arp snooping enable3.4.2 Switch的配置# 创建VLAN 100和VLAN 300，其中VLAN 100用于转发AC和AP间LWAPP隧道内的流量，VLAN 300为无线客户端接入的VLAN。 system-viewSwitch vlan 100Switch-vlan100 quitSwitch vlan 300Switch-vlan300 quit# 配置Switch与AC相连的GigabitEthernet1/0/1接口属性Trunk，禁止VLAN 1报文通过，设置PVID为VLAN 100，允许VLAN 100和VLAN 300通过。Switch interface gigabitethernet 1/0/1Switch-GigabitEthernet1/0/1 port link-type trunkSwitch-GigabitEthernet1/0/1 undo port trunk permit vlan 1Switch-GigabitEthernet1/0/1 port trunk permit vlan 100 300Switch-GigabitEthernet1/0/1 port trunk pvid vlan 100Switch-GigabitEthernet1/0/1 quit # 配置Switch与AP相连的GigabitEthernet1/0/2接口属性为Access，并允许VLAN 100通过。Switch interface gigabitethernet 1/0/2Switch-GigabitEthernet1/0/2 port link-type accessSwitch-GigabitEthernet1/0/2 port access vlan 100# 配置Switch与AP相连的GigabitEthernet1/0/2接口使能PoE功能。Switch-GigabitEthernet1/0/2 poe enableSwitch-GigabitEthernet1/0/2 quit# 配置Switch与DHCP服务器相连的GigabitEthernet1/0/3接口属性为Access，并允许VLAN 100通过。Switch interface gigabitethernet 1/0/3Switch-GigabitEthernet1/0/3 port link-type accessSwitch-GigabitEthernet1/0/3 port access vlan 100Switch-GigabitEthernet1/0/3 quit3.5 验证配置# 通过命令display wlan ap name officeap verbose可以看到无线客户端配置的保活时间间隔为3秒，空闲时间为60秒。 display wlan ap name officeap verbose AP Profile: officeap- APID : 1 Auto AP : NO AP System Name : Not Configured Map Configuration : Not Configured State : Run Up Time(hh:mm:ss) : 00:01:54 Model : WA2620E-AGN Serial-ID : A29G007C AC IP Address : 128.100.1.180 AP IP Address : 128.100.0.4 H/W Version : Ver.A S/W Version : V100R001B96D037 Boot-Rom Version : 2.02 Description : Not Configured Connection Type : Master Peer AC MAC Address : -NA- Priority Level : 4 Echo Interval(s) : 10 Statistics report Interval(s) : 50 Cir(Kbps) : -NA- Cbs(Bytes) : -NA- Jumboframe Threshold : Disable Transmitted control packets : 90 Received control packets : 90 Transmitted data packets : 79999 Received data packets : 73 Echo Average Delay(ms) : 13 Echo Request Count : 10 Echo Response Loss Count : 0 Configuration Failure Count : 0 Last Failure Reason : Last Reboot Reason : Tunnel Initiated Latest IP Address : 128.100.0.4 Tunnel Down Reason : Response Timer Expire Connection Count : 67 AP-Group Name : 1- AP Mode : Split AP operation mode : Normal Portal Service : Disable Device Detection : Disable Maximum Number of Radios : 2 Current Number of Radios : 2 Client Keep-alive Interval (s): 3 Client Idle Interval(s) : 60 Broadcast-probe Reply Status : Enable Radio 1: Basic BSSID : 5866-ba94-71e0 Current BSS Count : 0 Running Clients Count : 0 Wireless Mode : 11an Client Dot11n-only : Disabled Channel Band-width : 20/40MHz Secondary Channel Offset : SCN HT Protection Mode : no protection Short GI for 20MHz : Supported Short GI for 40MHz : Supported Mandatory MCS Set : Support MCS Set : 0,1,2,3,4,5,6,7,8,9, 10,11,12,13,14,15,16,17,18,19, 20,21,22,23 A-MSDU : Enabled A-MPDU : Enabled Green Energy Management : Disabled MIMO : Default STBC : Enabled LDPC : Disabled Configured Channel : auto Configured Power (dBm) : 20 Radio Policy : default_rp Mesh Policy : default_mp_plcy ANI Support : Enable Admin State : DOWN Physical State : UP Operational Rates (Mbps): 6 : mandatory 9 : supported 12 : mandatory 18 : supported 24 : mandatory 36 : supported 48 : supported 54 : supported Radar detected Channels : None Antenna Type : Internal Antenna Resource Using Ratio (%) : 0 Noise Floor (dBm) : 0 Radio 2: Basic BSSID : 5866-ba94-71f0 Current BSS Count : 1 Running Clients Count : 1 Wireless Mode : 11gn Client Dot11n-only : Disabled Channel Band-width : 20MHz Secondary Channel Offset : SCN HT Protection Mode : no protection Short GI for 20MHz : Supported Short GI for 40MHz : Supported Mandatory MCS Set : Support MCS Set : 0,1,2,3,4,5,6,7,8,9, 10,11,12,13,14,15,16,17,18,19, 20,21,22,23 A-MSDU : Enabled A-MPDU : Enabled Green Energy Management : Disabled MIMO : Default STBC : Enabled LDPC : Disabled Configured Channel : auto(11) Configured Power (dBm) : 20 Interference (%) : 54 Channel Load (%) : 54 Utilization (%) : 0 Co-channel Neighbor Count : 3 Channel Health : Bad Preamble Type : short Radio Policy : default_rp Service Template : 1 SSID : service Port : WLAN-DBSS1:2147 Mesh Policy : default_mp_plcy ANI Support : Enable 11g Protection : Disable Admin State : UP Physical State : UP Operational Rates (Mbps): 1 : mandatory 2 : mandatory 5.5 : mandatory 6 : supported 9 : supported 11 : mandatory 12 : supported 18 : supported 24 : supported 36 : supported 48 : supported 54 : supported Radar detected Channels : None Antenna Type : Internal Antenna Resource Using Ratio (%) : 23 Noise Floor (dBm) : -110-# 在AC上配置允许日志信息输出到监视终端。 terminal monitor# 将client关机或者断电，使得client不能对AC发送下线通知。# 如果在保活时间间隔周期3秒周期后，AC未收到Client的Deauth通知，那么AC就会主动删除对应Client表项，通过命令行自动打印的信息验证Client被AC下线。%Nov 28 09:50:54:441 2013 AC WMAC/6/WMAC_CLIENT_GOES_OFFLINE: Client 000f-e212-8410 disconnected from WLAN service. Reason code is 1.# 将client重新上线，然后60秒之内不发送任何数据。在60秒周期内AC没有收到Client发送的数据报文，AC就会将Client下线，通过命令行自动打印的信息验证Client被AC下线。%Nov 27 15:42:39:209 2013 AC WMAC/6/WMAC_CLIENT_GOES_OFFLINE: Client 0021-632f-e17d disconnected from WLAN service. Reason code is 4.3.6 配置文件 AC：#arp snooping enable#vlan 100#vlan 200#vlan 300#wlan service-template 1 clear ssid service bind WLAN-ESS 1 service-template enable#interface GigabitEthernet1/0/1 port link-type trunk po