Сравнение версий

Старая версия 2

changes.mady.by.user Городской Илья Сергеевич

Сохранено

по сравнению с

Новая версия 3

changes.mady.by.user Городской Илья Сергеевич

Сохранено

Ключ

  • Эта строка добавлена.
  • Эта строка удалена.
  • Изменено форматирование.

 

Оглавление
maxLevel34
printablefalse

Настройка Cluster

...

Блок кода
titleWLC-1
wlc-1(config-bridge)# vrrp 2
wlc-1(config-vrrp)# ip address 192.168.1.1/32
wlc-1(config-vrrp)# priority 130 unit 1
wlc-1(config-vrrp)# priority 120 unit 2
wlc-1(config-vrrp)# group 1
wlc-1(config-vrrp)# preempt disable 
wlc-1(config-vrrp)# enable  
wlc-1(config-vrrp)# exit

Для схемы 1+2 необходимо задать приоритет  для  третьего  юнит 

Блок кода
titleWLC-1
wlc-1(config-bridge)# vrrp 2
wlc-1(config-vrrp)# priority 110 unit 3 
wlc-1(config-vrrp)# exit

Scroll Pagebreak

...

Блок кода
titleWLC-1
wlc-1(config)# interface gigabitethernet 2/0/2
wlc-1(config-if-gi)# description "Local"
wlc-1(config-if-gi)# mode switchport
wlc-1(config-if-gi)# switchport mode trunk
wlc-1(config-if-gi)# switchport trunk allowed vlan add 3,2449
wlc-1(config-if-gi)# exit

...

Настройка кластерного интерфейса
...
 Блок  кода
titleWLC-2
wlс# set unit id 2
Unit ID will be 2 after reboot
wlc# reload system 
Do you really want to reload system now? (y/N): y
 Блок  кода
wlc# set unit id 3
Unit ID will be 3 after reboot
wlc-2# reload system 
Do you really want to reload system now? (y/N): y
...
 Блок  кода
titleWLC-1
wlc# configure 
wlc(config)# hostname wlc-1 unit 1
wlc(config)# hostname wlc-2 unit 2
wlc(config)# hostname wlc-3 unit 3
 Примечание
Более приоритетным является hostname, указанный с привязкой к unit.
...
Необходимо задать адресацию для первого и второго юнита кластера:
 Блок  кода
titleWLC-1
wlc-1(config-bridge)# ip address 192.168.1.4/24 unit 1
wlc-1(config-bridge)# ip address 192.168.1.3/24 unit 12
wlc-1(config-bridge)# ip address 192.168.1.2/24 unit 23

Настройте VRRP:
 Примечание
Для избежания лишних переключений VRRP, в приведенном примере отключен перехват роли Master у текущего Master-устройства с более низким приоритетом. 
 Блок  кода
preempt disable  
Если вам требуется перехват роли, то нужно вводить задержку для перехвата, чтобы сервисы успели синхронизировать данные.
 Блок  кода
vrrp preempt delay 120
 Блок  кода
titleWLC-1
wlc-1(config-bridge)# vrrp 2
wlc-1(config-vrrp)# ip address 192.168.1.1/32
wlc-1(config-vrrp)# priority 130 unit 1
wlc-1(config-vrrp)# priority 120 unit 2
wlc-1(config-vrrp)# group 1
wlc-1(config-vrrp)# preempt disable priority 110 unit 3
wlc-1(config-vrrp)# enablegroup  1
wlc-1(config-vrrp)# exit

Для схемы 1+2 необходимо задать приоритет  для  третьего  юнит 
 Блок  кода
titleWLC-1
wlc-1(config-bridge)# vrrp 2preempt disable 
wlc-1(config-vrrp)# priorityenable 110 unit 3 
wlc-1(config-vrrp)# exit

 Scroll Pagebreak
...
Сконфигурируйте интерфейс Второго второго и третьего юнита. Настройки идентичны с интерфейсом, сконфигурированным выше:
 Блок  кода
titleWLC-1
wlc-1(config)# interface gigabitethernet 2/0/2
wlc-1(config-if-gi)# description "Local"
wlc-1(config-if-gi)# mode switchport
wlc-1(config-if-gi)# switchport mode trunk
wlc-1(config-if-gi)# switchport trunk allowed vlan add 3,2449
wlc-1(config-if-gi)# exit
...
 Блок  кода
titleWLC-1
wlc-1(config)# interface gigabitethernet 3/0/2
wlc-1(config-if-gi)# description "Local"
wlc-1(config-if-gi)# mode switchport
wlc-1(config-if-gi)# switchport mode trunk
wlc-1(config-if-gi)# switchport trunk allowed vlan add 3,2449
wlc-1(config-if-gi)# exit
Настройка кластерного интерфейса
...
 Блок  кода
titleWLC-1
wlc-1(config-bridge)# ip address 198.51.100.254/24 unit 1
wlc-1(config-bridge)# ip address 198.51.100.253/24 unit 2
wlc-1(config-bridge)# ip address 198.51.100.252/24 unit 3
 Примечаниеnote
Для работы кластерного интерфейса поддерживается только IPv4-адресация.
На cluster-интерфейсе необходима настройка адресов с привязкой к unit.
...
 Блок  кода
titleWLC-1
wlc-1(config-bridge)# vrrp 1
wlc-1(config-vrrp)# ip address 198.51.100.1/24
wlc-1(config-vrrp)# priority 130 unit 1
wlc-1(config-vrrp)# priority 120 unit 2
wlc-1(config-vrrp)# priority 110 unit 3
wlc-1(config-vrrp)# group 1
wlc-1(config-vrrp)# preempt disable
wlc-1(config-vrrp)# enable
wlc-1(config-vrrp)# exit
...
Настройте физические порты для выделенного линка синхронизации маршрутизаторов wlc-1, wlc-2 и wlc-23:
 Блок  кода
titleWLC-1
wlc-1(config)# interface gigabitethernet 1/0/3
wlc-1(config-if-gi)# description "Network: SYNC"
wlc-1(config-if-gi)# mode switchport
wlc-1(config-if-gi)# exit
wlc-1(config)# interface gigabitethernet 2/0/3
wlc-1(config-if-gi)# description "Network: SYNC"
wlc-1(config-if-gi)# mode switchport
wlc-1(config-if-gi)# exit
wlc-1(config)# interface gigabitethernet 3/0/3
wlc-1(config-if-gi)# description "Network: SYNC"
wlc-1(config-if-gi)# mode switchport
wlc-1(config-if-gi)# exit
...
 Блок  кода
titleWLC-1
wlc-1(config-cluster)# unit 1
wlc-1(config-cluster-unit)# mac-address E4:5A:D4:A0:BE:35
wlc-1(config-cluster-unit)# exit
wlc-1(config-cluster)# unit 2
wlc-1(config-cluster-unit)# mac-address A8:F9:4B:AF:35:84
wlc-1(config-cluster-unit)# exit
wlc-1(config-cluster)# unit 3
wlc-1(config-cluster-unit)# mac-address 68:13:E2:7E:80:46
wlc-1(config-cluster-unit)# exit
...
 Раскрыть
 Блок  кода
cluster
  cluster-interface bridge 1
  unit 1
    mac-address e4:5a:d4:a0:be:35
  exit
  unit 2
    mac-address a8:f9:4b:af:35:84
  exit
   enable
exit

hostname wlc-1 
hostname wlc-1 unit 1
hostname wlc-2 unit 2unit 2
    mac-address 68:13:E2:7E:80:46
  exit 
  enable
exit

hostname wlc-1 
hostname wlc-1 unit 1
hostname wlc-2 unit 2
hostname wlc-2 unit 3

object-group service airtune
  port-range 8099
exit
object-group service dhcp_client
  port-range 68
exit
object-group service dhcp_server
  port-range 67
exit
object-group service dns
  port-range 53
exit
object-group service ntp
  port-range 123
exit
object-group service radius_auth
  port-range 1812
exit
object-group service sa
  port-range 8043-8044
exit
object-group service ssh
  port-range 22
exit
object-group service sync
  port-range 873
exit
object-group service journal_sync
  port-range 5432
exit

syslog max-files 3
syslog file-size 512
syslog file tmpsys:syslog/default
  severity info
exit

radius-server local
  nas ap
    key ascii-text password
    network 192.168.1.0/24
  exit
  nas local
    key ascii-text password
    network 127.0.0.1/32
  exit
  domain default
    user test
      password ascii-text password1
    exit
  exit
  virtual-server default
    enable
  exit
  enable
exit
radius-server host 127.0.0.1
  key ascii-text password
exit
aaa radius-profile default_radius
  radius-server host 127.0.0.1
exit

boot host auto-config
boot host auto-update

vlan 3
  force-up
exit
vlan 2449
  force-up
exit
vlan 2
exit

no spanning-tree

domain lookup enable

security zone trusted
exit
security zone untrusted
exit
security zone users
exit
security zone SYNC
exit

bridge 1
  vlan 1
  security-zone SYNC
  ip address 198.51.100.254/24 unit 1
  ip address 198.51.100.253/24 unit 2
  ip address 198.51.100.252/24 unit 3
  vrrp 1
    ip 198.51.100.1/24
	priority 130 unit 1
	priority 120 unit 2
 	priority 110 unit 3 
    group 1
	preempt disable 
    enable
  exit
  enable
exit
bridge 2
  vlan 2
  security-zone untrusted
  ip address dhcp
  no spanning-tree
  enable
exit
bridge 3
  vlan 3
  mtu 1458
  security-zone users
  ip address 192.168.2.1/24
  no spanning-tree
  enable
exit
bridge 5
  vlan 2449
  security-zone trusted
  ip address 192.168.1.4/24 unit 1
  ip address 192.168.1.3/24 unit 2
  ip address 192.168.1.2/24 unit 3
  vrrp 2
    ip 192.168.1.1/32
	priority 130 unit 1
  ip address 192.168.1.2/24 unit 2
  vrrp 2
    ip 192.168.1.1/32
	priority 130 unit 1
	priority 120 unit 2
    group 1
	preempt disable 
    enable
  exit 
  no spanning-tree
  enable 1
	priority 120 unit 2
 	priority 110 unit 2 
    group 1
	preempt disable 
    enable
  exit 
  no spanning-tree
  enable
exit
interface gigabitethernet 1/0/1
  mode switchport
  switchport access vlan 2
exit
interface gigabitethernet 1/0/2
  description "Local"
  mode switchport
  switchport mode trunk
  switchport trunk allowed vlan add 3,2449
exit
interface gigabitethernet 1/0/3
  mode switchport
  spanning-tree disable
exit
interface gigabitethernet 1/0/4
  mode switchport
exit
interface tengigabitethernet 1/0/1
  mode switchport
  switchport access vlan 2
exit
interface tengigabitethernet 1/0/2
  mode switchport
exit
interface gigabitethernet 12/0/1
  mode switchport
  switchport access vlan 2
exit
interface gigabitethernet 12/0/2
   descriptiondescription "Local"
  mode switchport
  switchport mode trunk
  switchport trunk allowed vlan add 3,2449
exit
interface gigabitethernet 12/0/3
  mode switchport
  spanning-tree disable
exit
interface gigabitethernet 12/0/4
  mode switchport
exit
interface tengigabitethernet 12/0/1
  mode switchport
  switchport access vlan 2
exit
interface tengigabitethernet 12/0/2
  mode switchport
exit
interface gigabitethernet 23/0/1
  mode switchport
  switchport access vlan 2
exit
interface gigabitethernet 23/0/2
  description "Local"
  mode switchport
  switchport mode trunk
  switchport trunk allowed vlan add 3,2449
exit
interface gigabitethernet 23/0/3
  mode switchport
  spanning-tree disable
exit
interface gigabitethernet 23/0/4
  mode switchport
exit
interface tengigabitethernet 23/0/1
  mode switchport
  switchport access vlan 2
exit
interface tengigabitethernet 23/0/2
  mode switchport
exit

tunnel softgre 1
  mode data
  local address 192.168.1.1
  default-profile
  enable
exit

security zone-pair trusted self
  rule 10
    action permit
    match protocol tcp
    match destination-port object-group ssh
    enable
  exit
  rule 20
    action permit
    match protocol icmp
    enable
  exit
  rule 30
    action permit
    match protocol udp
    match source-port object-group dhcp_client
    match destination-port object-group dhcp_server
    enable
  exit
  rule 40
    action permit
    match protocol udp
    match destination-port object-group ntp
    enable
  exit
  rule 50
    action permit
    match protocol tcp
    match destination-port object-group dns
    enable
  exit
  rule 60
    action permit
    match protocol udp
    match destination-port object-group dns
    enable
  exit
  rule 70
    action permit
    match protocol tcp
    match destination-port object-group sa
    enable
  exit
  rule 80
    action permit
    match protocol udp
    match destination-port object-group radius_auth
    enable
  exit
  rule 90
    action permit
    match protocol gre
    enable
  exit
  rule 110
    action permit
    match protocol tcp
    match destination-port object-group airtune
    enable
  exit
exit
security zone-pair trusted trusted
  rule 1
    action permit
    enable
  exit
exit
security zone-pair trusted untrusted
  rule 1
    action permit
    enable
  exit
exit
security zone-pair untrusted self
  rule 1
    action permit
    match protocol udp
    match source-port object-group dhcp_server
    match destination-port object-group dhcp_client
    enable
  exit
exit
security zone-pair users self
  rule 10
    action permit
    match protocol icmp
    enable
  exit
  rule 20
    action permit
    match protocol udp
    match source-port object-group dhcp_client
    match destination-port object-group dhcp_server
    enable
  exit
  rule 30
    action permit
    match protocol tcp
    match destination-port object-group dns
    enable
  exit
  rule 40
    action permit
    match protocol udp
    match destination-port object-group dns
    enable
  exit
exit
security zone-pair users untrusted
  rule 1
    action permit
    enable
  exit
exit
security zone-pair SYNC self
  rule 1
    action permit
    match protocol icmp
    enable
  exit
  rule 2
    action permit
    match protocol vrrp
    enable
  exit
  rule 3
    action permit
    match protocol ah
    enable
  exit
exit

security passwords default-expired

nat source
  ruleset factory
    to zone untrusted
    rule 10
      description "replace 'source ip' by outgoing interface ip address"
      action source-nat interface
      enable
    exit
  exit
exit

ip dhcp-server
ip dhcp-server pool ap-pool
  network 192.168.1.0/24
  address-range 192.168.1.5-192.168.1.254
  default-router 192.168.1.1
  dns-server 192.168.1.1
  option 42 ip-address 192.168.1.1
  vendor-specific
    suboption 12 ascii-text "192.168.1.1"
    suboption 15 ascii-text "https://192.168.1.1:8043"
  exit
exit
ip dhcp-server pool users-pool
  network 192.168.2.0/24
  address-range 192.168.2.4-192.168.2.254
  default-router 192.168.2.1
  dns-server 192.168.2.1
exit

softgre-controller
  nas-ip-address 127.0.0.1
  data-tunnel configuration wlc
  aaa radius-profile default_radius
  keepalive-disable
  service-vlan add 3
  enable
exit

wlc
  outside-address 192.168.1.1
  service-activator
    aps join auto
  exit
  airtune
    enable
  exit
  ap-location default-location
    description "default-location"
    mode tunnel
    ap-profile default-ap
    ssid-profile default-ssid
  exit
  ssid-profile default-ssid
    description "default-ssid"
    ssid "default-ssid"
    radius-profile default-radius
    vlan-id 3
    security-mode WPA2_1X
    802.11kv
    band 2g
    band 5g
    enable
  exit
  ap-profile default-ap
    password ascii-text password
  exit
  radius-profile default-radius
    auth-address 192.168.1.1
    auth-password ascii-text password
    domain default
  exit
  ip-pool default-ip-pool
    description "default-ip-pool"
    ap-location default-location
  exit
  enable
exit

ip ssh server

clock timezone gmt +7

ntp enable
ntp server 100.110.0.65
  minpoll 1
  maxpoll 4
exit
...
 Блок  кода
titleWLC-1
wlc-1# show cluster status 
Unit   Hostname               Role         MAC address         State            IP address        
----   --------------------   ----------   -----------------   --------------   ---------------   
1*     wlc-1                  Active       e4:5a:d4:a0:be:35   Joined           198.51.100.254       
2      wlc-2                  Standby      a8:f9:4b:af:35:84   Joined           198.51.100.253 
3      wlc-3                  Standby      68:13:e2:7e:82:2e   Joined           198.51.100.252 
 Примечание
После включения кластера и установления юнитов в состояние Joined, настройка устройств осуществляется настройкой Active устройства.
Синхронизируются команды конфигурации, а также команды: commit, confirm, rollback, restore, save, copy <source> system:candidate-config.
В случае, если конфигурирование осуществляется на Standby, то синхронизации не будет.
Есть возможность отключения синхронизации командой sync config disable.
Если между юнитами кластера не будет синхронизирована версия ПО, то команды commit, confirm не будут синхронизироваться на Standby устройство. 
...