
...

Два WLC резервируют себя через протокол VRRP, интерфейс в сторону точек доступа подключен к коммутатору.

Примечание

Резервирование и организация Uplink не рассматриваются в данной статье. 

Схема  Схема включения


...

Информация

На интерфейсах, где включен vrrp необходимо включить:

Блок кода
  vrrp timers garp refresh 60

Данная команда определяет интервал, по истечении которого будет происходить периодическая отправка Gratuituous ARP-сообщения(ий), пока маршрутизатор находится в состоянии Master.

Адресация:

ИнтерфейсVLANWLC-1 IPWLC-2 IPVRRP IPОписание
Birdge 12449192.168.1.2/24192.168.1.3/24192.168.1.1/32Интерфейс для сети управления
Bridge 33192.168.2.2/24192.168.2.3/24192.168.2.1/32Интерфейс для клиентов Wi-Fi

Порты и протоколы, для которых нужно настроить Firewall:

...

Блок кода
softgre-controller
  peer-address 192.168.1.3
  vrrp-group 1
exit

Настраиваем Softgre-туннель для синхронизации, в качестве local address указывается адрес vrrp-ip:

Блок кода
tunnel softgre 1
  mode data
  local address 192.168.1.1
  default-profile
  enable
exit

Настраиваем WLC для синхронизации точек доступа:

...



Блок кода
#!/usr/bin/clish
#192#193
#1.19.12
#31#22/0812/2023
#16#18:5122:4905
hostname WLC-1

object-group service airtune
  port-range 8099
exit
object-group service dhcp_client
  port-range 68
exit
object-group service dhcp_server
  port-range 67
exit
object-group service dns
  port-range 53
exit
object-group service netconf
  port-range 830
exit
object-group service ntp
  port-range 123
exit
object-group service radius_auth
  port-range 1812
exit
object-group service sa
  port-range 8043-8044
exit
object-group service ssh
  port-range 22
exit
object-group service sync
  port-range 873
exit
object-group service softgre_controller
  port-range 1337
exit

syslog max-files 3
syslog file-size 512
syslog file tmpsys:syslog/default
  severity info
exit

radius-server local
  nas ap
    key ascii-text encrypted 8CB5107EA7005AFF
    network 192.168.1.0/24
  exit
  nas local
    key ascii-text encrypted 8CB5107EA7005AFF
    network 127.0.0.1/32
  exit
  domain default
    user test
      password ascii-text encrypted CDE65039E5591FA3
    exit
  exit
  virtual-server default
    enable
  exit
  enable
exit
username admin
  password encrypted $6$SE44HkPtLYJkWMTZ$if1UHjuR3c9THrZAbh55PIxPhbAfCoTnyNJjG7rJIcLkTk4otQNjiHF6Sk6or3Rd4Q1uCUNvv6jUQyDQ0ffSx0
exit
radius-server host 127.0.0.1
  key ascii-text encrypted 8CB5107EA7005AFF
exit
aaa radius-profile default_radius
  radius-server host 127.0.0.1
exit


boot host auto-config
boot host auto-update
vlan 3
  force-up
exit
vlan 2449
  force-up
exit
vlan 2
exit

no spanning-tree

domain lookup enable

security zone trusted
exit
security zone untrusted
exit
security zone users
exit

bridge 1
  vlan 2449
  security-zone trusted
  ip address 192.168.1.2/24
  vrrp id 1
  vrrp ip 192.168.1.1/32
  vrrp priority 120
  vrrp group 1
  vrrp preempt disable
  vrrp timers garp refresh 60
  vrrp
  no spanning-tree
  enable
exit
bridge 2
  vlan 2
  security-zone untrusted
  ip firewall disable
  ip address dhcp
  no spanning-tree
  enable
exit
bridge 3
  vlan 3
  mtu 1458
  security-zone users
  ip address 192.168.2.2/24
  vrrp id 3
  vrrp ip 192.168.2.1/32
  vrrp priority 120
  vrrp group 1
  vrrp preempt disable
  vrrp timers garp refresh 60
  vrrp
  no spanning-tree
  enable
exit

interface gigabitethernet 1/0/1
  mode switchport
  switchport access vlan 2
exit
interface gigabitethernet 1/0/2
  mode switchport
  switchport mode trunk
  switchport trunk allowed vlan add 3,2449
exit
interface gigabitethernet 1/0/3
  mode switchport
exit
interface gigabitethernet 1/0/4
  mode switchport
exit
interface tengigabitethernet 1/0/1
  mode switchport
  switchport access vlan 2
exit
interface tengigabitethernet 1/0/2
  mode switchport
exit
tunnel softgre 1
  mode data
  local address 192.168.1.1
  default-profile
  enable
exit

security zone-pair trusted self
  rule 10
    action permit
    match protocol tcp
    match destination-port ssh
    enable
  exit
  rule 11
    action permit
    match protocol vrrp
    enable
  exit
  rule 12
    action permit
    match protocol tcp
    match destination-port softgre_controller
    enable
  exit
  rule 13
    action permit
    match protocol tcp
    match destination-port sync
    enable
  exit
  rule 20
    action permit
    match protocol icmp
    enable
  exit
  rule 30
    action permit
    match protocol udp
    match source-port dhcp_client
    match destination-port dhcp_server
    enable
  exit
  rule 40
    action permit
    match protocol udp
    match destination-port ntp
    enable
  exit
  rule 50
    action permit
    match protocol tcp
    match destination-port dns
    enable
  exit
  rule 60
    action permit
    match protocol udp
    match destination-port dns
    enable
  exit
  rule 70
    action permit
    match protocol tcp
    match destination-port netconf
    enable
  exit
  rule 80
    action permit
    match protocol tcp
    match destination-port sa
    enable
  exit
  rule 90
    action permit
    match protocol udp
    match destination-port radius_auth
    enable
  exit
  rule 100
    action permit
    match protocol gre
    enable
  exit
  rule 110
    action permit
    match protocol tcp
    match destination-port airtune
    enable
  exit
exit
security zone-pair trusted trusted
  rule 1
    action permit
    enable
  exit
exit
security zone-pair trusted untrusted
  rule 1
    action permit
    enable
  exit
exit
security zone-pair untrusted self
  rule 1
    action permit
    match protocol udp
    match source-port dhcp_server
    match destination-port dhcp_client
    enable
  exit
exit
security zone-pair users self
  rule 10
    action permit
    match protocol icmp
    enable
  exit
  rule 11
    action permit
    match protocol vrrp
    enable
  exit
  rule 20
    action permit
    match protocol udp
    match source-port dhcp_client
    match destination-port dhcp_server
    enable
  exit
  rule 30
    action permit
    match protocol tcp
    match destination-port dns
    enable
  exit
  rule 40
    action permit
    match protocol udp
    match destination-port dns
    enable
  exit
exit
security zone-pair users untrusted
  rule 1
    action permit
    enable
  exit
exit

security passwords default-expired
nat source
  ruleset factory
    to zone untrusted
    rule 10
      description "replace 'source ip' by outgoing interface ip address"
      action source-nat interface
      enable
    exit
  exit
exit

ip dhcp-server
ip dhcp-server pool ap-pool
  network 192.168.1.0/24
  address-range 192.168.1.4-192.168.1.254
  default-router 192.168.1.1
  dns-server 192.168.1.1
  option 42 ip-address 192.168.1.1
  vendor-specific
    suboption 12 ascii-text "192.168.1.1"
    suboption 15 ascii-text "https://192.168.1.1:8043"
  exit
exit
ip dhcp-server pool users-pool
  network 192.168.2.0/24
  address-range 192.168.2.4-192.168.2.254
  default-router 192.168.2.1
  dns-server 192.168.2.1
exit

ip dhcp-server failover
  mode active-standby
  local-address 192.168.1.2
  remote-address 192.168.1.3
  vrrp-group 1
  enable
exit

softgre-controller
  peer-address 192.168.1.3
  nas-ip-address 127.0.0.1
  vrrp-group 1
  data-tunnel configuration wlc
  aaa radius-profile default_radius
  keepalive-disable
  service-vlan add 3
  enable
exit

wlc
  outside-address 192.168.1.1
  service-activator
    aps join auto
    password private-crt-key ascii-text encrypted 8CB5107EA7005AFF
  exit
  airtune
    enable
  exit
  failover
    local-address 192.168.1.2
    remote-address 192.168.1.3
    vrrp-group 1
    enable
  exit
  ap-location default-location
    description default-location
    mode tunnel
    ap-profile default-ap
    airtune-profile default_airtune
    boardradio-profile WEP-1L default_wep-1l_profile
    board-profile WEP-200L default_wep-200l_profile2g-profile default_2g
    boardradio-profile WEP-2L default_wep-2l_profile
    board-profile WEP-30L default_wep-30l_profile5g-profile default_5g
    board-profile WEP-3ax default_wep-3ax_profile
    board-profile WOP-20L default_wop-20l_profile
    board-profile WOP-2L default_wop-2l_profile
    board-profile WOP-30L default_wop-30l_profile
    ssid-profile default-ssid
  exit
  airtune-profile default_airtune
  exit
  ssid-profile default-ssid
    description default-ssid
    ssid default-ssid
    radius-profile default-radius
    vlan-id 3
    security-mode WPA2_1X
    802.11kv
    band 2g
    band 5g
    enable
  exit
  board-profile default_wep-1l_profile
    ap-model WEP-1L
    radio wlan0
      band 2g
      work-mode bgn
      autochannel
      channel 1
      use-limit-channels
      bandwidth 20
      tx-power 16
      limit-channels 1,11,6
    exit
    radio wlan1
      band 5g
      work-mode ac
      autochannel
      channel 36
      use-limit-channels
      bandwidth 20
      tx-power 19
      limit-channels 36,40,44,48
    exit
  exit
  board-profile default_wep-200l_profile
    ap-model WEP-200L
    radio wlan0
      band 2g
      work-mode bgn
      autochannel
      channel 1
      use-limit-channels
      bandwidth 20
      tx-power 16
      limit-channels 1,11,6
    exit
    radio wlan1
      band 5g
      work-mode ac
      autochannel
      channel 36
      use-limit-channels
      bandwidth 20
      tx-power 19
      limit-channels 36,40,44,48
    exit
  exit
  board-profile default_wep-2l_profile
    ap-model WEP-2L
    radio wlan0
      band 2g
      workobss-modecoexistence bgnoff
      autochannel
      channel 1
      use-limit-channels
      bandwidth 20
      tx-power 16
      limit-channels 1,11,6
    exit
    radio wlan1
      band 5g
      work-mode ac
      autochannel
      channel 36
      use-limit-channels
      bandwidth 20
      tx-power 19
      limit-channels 36,40,44,48
    exit
  exit
  board-profile default_wep-30l_profile
    ap-model WEP-30L
    radio wlan0
      band 2g
      work-mode bgn
      autochannel
      channel 1
      use-limit-channels
      bandwidth 20
      tx-power 16
      limit-channels 1,11,6
    exit
    radio wlan1
      band 5g
      work-mode anacax
      autochannel
      channel 36
      use-limit-channels
      bandwidth 20
      tx-power 19
      limit-channels 36,40,44,48
    exit
  exit
  board-profile default_wep-3ax_profile
    ap-model WEP-3ax
    radio wlan0
      band 2g
      work-mode bgn
      autochannel
      channel 1
      use-limit-channels
      bandwidth 20
      tx-power 16
      limit-channels 1,11,6
    exit
    radio wlan1
      band 5g
    dfs forced
work-mode anacax       autochannel
      channel 36
      use-limit-channels
obss-coexistence off
     bandwidth 20
      tx-power 19
      limit-channels 36,40,44,48
    exit
  exit
  board-profile default_wop-20l_profile
    ap-model WOP-20L
    radio wlan0
      band 2g
      work-mode bgn
      autochannel
      channel 1
      use-limit-channels
      bandwidth 20
      tx-power 16
      limit-channels 1,11,6
    exit
    radio wlan1
      band 5g
      work-mode ac
      autochannel
      channel 36
      use-limit-channels
      bandwidth 20
      tx-power 19
      limit-channels 36,40,44,48
    exit
  exit
  board-profile default_wop-2l_profile
    ap-model WOP-2L
    radio wlan0
      band 2g
      work-mode bgn
      autochannel
      channel 1
      use-limit-channels
      bandwidth 20
      tx-power 16
      limit-channels 1,11,6
    exit
    radio wlan1
      band 5g
      work-mode ac
      autochannel
      channel 36
      use-limit-channels
      bandwidth 20
      tx-power 19
      limit-channels 36,40,44,48
    exit
  exit
  board-profile default_wop-30l_profile
    ap-model WOP-30L
    radio wlan0
      band 2g
      work-mode bgn
      autochannel
      channel 1
      use-limit-channels
      bandwidth 20
      tx-power 16
      limit-channels 1,11,6
    exit
    radio wlan1
      band 5g
      work-mode anacax
      autochannel
      channel 36
      use-limit-channels
      bandwidth 20
      tx-power 19
      limit-channels 36,40,44,48
    exit
  exit
  ap-profile default-ap
    ,52,56,60,64
  exit
  ap-profile default-ap
    password ascii-text encrypted 8CB5107EA7005AFF
  exit
  radius-profile default-radius
    auth-address 192.168.1.1
    auth-password ascii-text encrypted 8CB5107EA7005AFF
    domain default
  exit
  ip-pool default-ip-pool
    description default-ip-pool
    ap-location default-location
  exit
  enable
exit

ip ssh server

ntp enable
ntp broadcast-client enable

crypto-sync
  local-address 192.168.1.2
  remote-address 192.168.1.3
  vrrp-group 1
  remote-delete
  enable
exit
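Review bot: The WLC-1 listing publishes credential material that readers will paste as-is: the `$6$…` hash under `username admin`, and a single encrypted value, `8CB5107EA7005AFF`, reused for the `nas ap` and `nas local` keys, `radius-server host 127.0.0.1`, the service-activator `private-crt-key` password, `ap-profile default-ap` and the `auth-password` of `radius-profile default-radius`. The WLC-2 listing repeats the same encrypted value in the same places and carries its own admin hash. Every deployment copied from this page would therefore share those secrets (presumably the factory defaults; confirm), which matters more because `aps join auto` is enabled. I would replace the values in both listings with an obvious placeholder and add a line before each listing such as `Перед вводом в эксплуатацию замените пароль admin и все ключи/пароли RADIUS, service-activator и ap-profile на уникальные значения.`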


...

Настраиваем интерфейс gi 1/0/2 , для приема тегированного трафика в VLAN 3 и 2449:

...

Настраиваем Softgre-туннель для синхронизации, в качестве local address указывается адрес vrrp-ip: 

Блок кода
tunnel softgre 1
  mode data
  local address 192.168.1.1
  default-profile
  enable
exit

Настраиваем WLC для синхронизации точек доступа:

...



Блок кода
#!/usr/bin/clish
#192#193
#1.19.12
#31#22/0812/2023
#16#18:5122:4905
hostname WLC-2

object-group service airtune
  port-range 8099
exit
object-group service dhcp_client
  port-range 68
exit
object-group service dhcp_server
  port-range 67
exit
object-group service dns
  port-range 53
exit
object-group service netconf
  port-range 830
exit
object-group service ntp
  port-range 123
exit
object-group service radius_auth
  port-range 1812
exit
object-group service sa
  port-range 8043-8044
exit
object-group service ssh
  port-range 22
exit
object-group service sync
  port-range 873
exit
object-group service softgre_controller
  port-range 1337
exit

syslog max-files 3
syslog file-size 512
syslog file tmpsys:syslog/default
  severity info
exit

radius-server local
  nas ap
    key ascii-text encrypted 8CB5107EA7005AFF
    network 192.168.1.0/24
  exit
  nas local
    key ascii-text encrypted 8CB5107EA7005AFF
    network 127.0.0.1/32
  exit
  domain default
    user test
      password ascii-text encrypted CDE65039E5591FA3
    exit
  exit
  virtual-server default
    enable
  exit
  enable
exit
username admin
  password encrypted $6$gnFubZbxiPHa/WdA$xEmrfe/dVeVNDGBztQUB1Sk8In.20Hep/LxMJhxcHFWCfs2SPwxaCyyNxmzL3Bqu8buj71PPfp7WdfWz8AqrU/
exit
radius-server host 127.0.0.1
  key ascii-text encrypted 8CB5107EA7005AFF
exit
aaa radius-profile default_radius
  radius-server host 127.0.0.1
exit


boot host auto-config
boot host auto-update
vlan 3
  force-up
exit
vlan 2449
  force-up
exit
vlan 2
exit

no spanning-tree

domain lookup enable

security zone trusted
exit
security zone untrusted
exit
security zone users
exit

bridge 1
  vlan 2449
  security-zone trusted
  ip address 192.168.1.3/24
  vrrp id 1
  vrrp ip 192.168.1.1/32
  vrrp priority 110
  vrrp group 1
  vrrp preempt disable
  vrrp timers garp refresh 60
  vrrp
  no spanning-tree
  enable
exit
bridge 2
  vlan 2
  security-zone untrusted
  ip address dhcp
  no spanning-tree
  enable
exit
bridge 3
  vlan 3
  mtu 1458
  security-zone users
  ip address 192.168.2.3/24
  vrrp id 3
  vrrp ip 192.168.2.1/32
  vrrp priority 110
  vrrp group 1
  vrrp preempt disable
  vrrp timers garp refresh 60
  vrrp
  no spanning-tree
  enable
exit

interface gigabitethernet 1/0/1
  mode switchport
  switchport access vlan 2
exit
interface gigabitethernet 1/0/2
  mode switchport
  switchport mode trunk
  switchport trunk allowed vlan add 3,2449
exit
interface gigabitethernet 1/0/3
  mode switchport
exit
interface gigabitethernet 1/0/4
  mode switchport
exit
interface tengigabitethernet 1/0/1
  mode switchport
  switchport access vlan 2
exit
interface tengigabitethernet 1/0/2
  mode switchport
exit
tunnel softgre 1
  mode data
  local address 192.168.1.1
  default-profile
  enable
exit

security zone-pair trusted self
  rule 10
    action permit
    match protocol tcp
    match destination-port ssh
    enable
  exit
  rule 11
    action permit
    match protocol vrrp
    enable
  exit
  rule 12
    action permit
    match protocol tcp
    match destination-port softgre_controller
    enable
  exit
  rule 13
    action permit
    match protocol tcp
    match destination-port sync
    enable
  exit
  rule 20
    action permit
    match protocol icmp
    enable
  exit
  rule 30
    action permit
    match protocol udp
    match source-port dhcp_client
    match destination-port dhcp_server
    enable
  exit
  rule 40
    action permit
    match protocol udp
    match destination-port ntp
    enable
  exit
  rule 50
    action permit
    match protocol tcp
    match destination-port dns
    enable
  exit
  rule 60
    action permit
    match protocol udp
    match destination-port dns
    enable
  exit
  rule 70
    action permit
    match protocol tcp
    match destination-port netconf
    enable
  exit
  rule 80
    action permit
    match protocol tcp
    match destination-port sa
    enable
  exit
  rule 90
    action permit
    match protocol udp
    match destination-port radius_auth
    enable
  exit
  rule 100
    action permit
    match protocol gre
    enable
  exit
  rule 110
    action permit
    match protocol tcp
    match destination-port airtune
    enable
  exit
exit
security zone-pair trusted trusted
  rule 1
    action permit
    enable
  exit
exit
security zone-pair trusted untrusted
  rule 1
    action permit
    enable
  exit
exit
security zone-pair untrusted self
  rule 1
    action permit
    match protocol udp
    match source-port dhcp_server
    match destination-port dhcp_client
    enable
  exit
exit
security zone-pair users self
  rule 10
    action permit
    match protocol icmp
    enable
  exit
  rule 11
    action permit
    match protocol vrrp
    enable
  exit
  rule 20
    action permit
    match protocol udp
    match source-port dhcp_client
    match destination-port dhcp_server
    enable
  exit
  rule 30
    action permit
    match protocol tcp
    match destination-port dns
    enable
  exit
  rule 40
    action permit
    match protocol udp
    match destination-port dns
    enable
  exit
exit
security zone-pair users untrusted
  rule 1
    action permit
    enable
  exit
exit

security passwords default-expired
nat source
  ruleset factory
    to zone untrusted
    rule 10
      description "replace 'source ip' by outgoing interface ip address"
      action source-nat interface
      enable
    exit
  exit
exit

ip dhcp-server
ip dhcp-server pool ap-pool
  network 192.168.1.0/24
  address-range 192.168.1.4-192.168.1.254
  default-router 192.168.1.1
  dns-server 192.168.1.1
  option 42 ip-address 192.168.1.1
  vendor-specific
    suboption 12 ascii-text "192.168.1.1"
    suboption 15 ascii-text "https://192.168.1.1:8043"
  exit
exit
ip dhcp-server pool users-pool
  network 192.168.2.0/24
  address-range 192.168.2.4-192.168.2.254
  default-router 192.168.2.1
  dns-server 192.168.2.1
exit

ip dhcp-server failover
  mode active-standby
  local-address 192.168.1.3
  remote-address 192.168.1.2
  vrrp-group 1
  enable
exit

softgre-controller
  peer-address 192.168.1.2
  nas-ip-address 127.0.0.1
  vrrp-group 1
  data-tunnel configuration wlc
  aaa radius-profile default_radius
  keepalive-disable
  service-vlan add 3
  enable
exit

wlc
  outside-address 192.168.1.1
  service-activator
    aps join auto
    password private-crt-key ascii-text encrypted 8CB5107EA7005AFF
  exit
  airtune
    enable
  exit
  failover
    local-address 192.168.1.3
    remote-address 192.168.1.2
    vrrp-group 1
enable exit ap-location default-location descriptionenable
default-location mode tunnelexit
  ap-profilelocation default-aplocation
airtune-profile default_airtune board-profile WEP-1L default_wep-1l_profile
board-profile WEP-200L default_wep-200l_profile
board-profile WEP-2L default_wep-2l_profile
board-profile WEP-30L default_wep-30l_profile
board-profile WEP-3ax default_wep-3ax_profile
board-profile WOP-20L default_wop-20l_profile
board-profile WOP-2L default_wop-2l_profile
board-profile WOP-30L default_wop-30l_profile
ssid-profile default-ssid
exit
 description default-location
    mode tunnel
    ap-profile default-ap
    airtune-profile default_airtune
exit ssid-profile default-ssid description default-ssid
ssid default-ssid
radius-radio-2g-profile default-radius
vlan-id 3
security-mode WPA2_1X
802.11kv
band 2g
band 5g enable exit boardradio-5g-profile default_wep-1l_profile
ap-model WEP-1L
radio wlan0
band 2g
work-mode bgn
autochannel
channel 1
use-limit-channels
bandwidth 20
tx-power 16
limit-channels 1,11,6
exit
radio wlan1
band 5g
work-mode ac
autochannel
channel 36
use-limit-channels
bandwidth 20
tx-power 19
limit-channels 36,40,44,48
exit
exit
board-profile default_wep-200l_profile
ap-model WEP-200L
radio wlan0
band 2g
work-mode bgn
autochannel
channel 1
use-limit-channels
bandwidth 20
tx-power 16
limit-channels 1,11,6
exit
radio wlan1
band 5g
work-mode ac
autochannel
channel 36
use-limit-channels
bandwidth 20
tx-power 19
limit-channels 36,40,44,48
exit
exit
board-profile default_wep-2l_profile
ap-model WEP-2L
radio wlan0
band 2g
work-mode bgn
autochannel
channel 1
use-limit-channels
bandwidth 20
tx-power 16
limit-channels 1,11,6
exit
radio wlan1
band 5g
work-mode ac
autochannel
channel 36
use-limit-channels
bandwidth 20
tx-power 19
limit-channels 36,40,44,48
exit
exit
board-profile default_wep-30l_profile
ap-model WEP-30L
radio wlan0
band 2g
work-mode bgn
autochannel
channel 1
use-limit-channels
bandwidth 20
tx-power 16
limit-channels 1,11,6
exit
radio wlan1
band 5g
work-mode anacax
autochannel
channel 36
use-limit-channels
bandwidth 20
tx-power 19
limit-channels 36,40,44,48
exit
exit
board-profile default_wep-3ax_profile
ap-model WEP-3ax
radio wlan0
band 2g
work-mode bgn
autochannel
channel 1
use-limit-channels
bandwidth 20
tx-power 16
limit-channels 1,11,6
exit
radio wlan1
band 5g
work-mode anacax
autochannel
channel 36
use-limit-channels
bandwidth 20
tx-power 19
limit-channels 36,40,44,48
exit
exit
board-profile default_wop-20l_profile
ap-model WOP-20L
radio wlan0
band 2g
work-mode bgn
autochannel
channel 1
use-limit-channels
bandwidth 20
tx-power 16
limit-channels 1,11,6
exit
radio wlan1
band 5g
work-mode ac
autochannel
channel 36
use-limit-channels
bandwidth 20
tx-power 19
limit-channels 36,40,44,48
exit
exit
board-profile default_wop-2l_profile
ap-model WOP-2L
radio wlan0
band 2g
work-mode bgn
autochannel
channel 1
use-limit-channels
bandwidth 20
tx-power 16
limit-channels 1,11,6
exit
radio wlan1
band 5g
work-mode ac
autochannel
channel 36
use-limit-channels
bandwidth 20
tx-power 19
limit-channels 36,40,44,48
exit
exit
board-profile default_wop-30l_profile
ap-model WOP-30L
radio wlan0
band 2g
work-mode bgn
autochannel
channel 1
use-limit-channels
bandwidth 20
tx-power 16
limit-channels 1,11,6
exit
radio wlan1
band 5g
work-mode anacax
autochannel
channel 36
use-limit-channels
bandwidth 20
tx-power 19
limit-channels 36,40,44,48
exit
exit
ap-profile default-ap
password ascii-text encrypted 8CB5107EA7005AFF
exit
radius-profile default-radius
5g
    ssid-profile default-ssid
  exit
  airtune-profile default_airtune
  exit
  ssid-profile default-ssid
    description default-ssid
    ssid default-ssid
    radius-profile default-radius
    vlan-id 3
    security-mode WPA2_1X
    802.11kv
    band 2g
    band 5g
    enable
  exit
  radio-2g-profile default_2g
    obss-coexistence off
  exit
  radio-5g-profile default_5g
    dfs forced
    obss-coexistence off
    limit-channels 36,40,44,48,52,56,60,64
  exit
  ap-profile default-ap
    password ascii-text encrypted 8CB5107EA7005AFF
  exit
  radius-profile default-radius
    auth-address 192.168.1.1
    auth-password ascii-text encrypted 8CB5107EA7005AFF
    domain default
  exit
  ip-pool default-ip-pool
    description default-ip-pool
    ap-location default-location
  exit
  enable
exit

ip ssh server

ntp enable
ntp broadcast-client enable

crypto-sync
  local-address 192.168.1.3
  remote-address 192.168.1.2
  vrrp-group 1
  remote-delete
  enable
exit
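Review bot: `bridge 2` in this listing differs from the WLC-1 listing, which additionally carries `ip firewall disable` on the same bridge, although both place it in `security-zone untrusted` with `ip address dhcp`. The rendered comparison does not show which side that line belongs to, so it may already have been dropped. If it is still part of the published WLC-1 configuration, filtering is switched off on what appears to be the uplink-facing interface, and the narrow `security zone-pair untrusted self` rule no longer limits what reaches the controller there. The two nodes should match here apart from addresses and VRRP priority; I would keep the WLC-2 form (no `ip firewall disable`) in both listings, or add a sentence explaining why the firewall must be off on that interface.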


Проверка

Для проверки синхронизации туннелей, WLC, DHCP можно посмотреть вывод:

Блок кода
WLC-1# show high-availability state 
VRRP role:                         Master
AP Tunnels:
    State:                         Successful synchronization
    Last synchronization:          06:18:03 25.09.2023
DHCP option 82 table:
    State:                         Disabled
    Last state change:             --
DHCP server:
VRF:                               --
    State:                         Successful synchronization
crypto-sync:
    State:                         Successful synchronization
    Last synchronization:          06:18:03 25.09.2023
Firewall:
    State:                         Disabled
    Last state change:             --
WLC:
    State:                         Successful synchronization
	Last synchronization:          06:18:03 25.09.2023