VRRP HSB (Direct forwarding) Implementation on Huawei WACs.
- October 13, 2024
- Posted by: James Majani
- Categories: Huawei, Networking
VRRP hot standby (HSB) ensures high reliability by preventing stations network access from being interrupted due to failure of a WAC or CAPWAP links. VRRP HSB is implemented through VRRP and HSB. The master and backup ACs are determined through VRRP negotiation. The master AC manages APs and provides services for them. The backup AC receives information synchronized from the master AC and monitors the working status of the master AC. The AC in working state backs up entries to the AC in backup state in real time through HSB. If the working AC fails, the AC in backup state quickly takes over services from the master AC.
Networking description.
Two APs are deployed in active/standby mode. The GW of AP’s management is on the WAC while the GW of wireless users is on the CORE. VLAN100 is AP management VLAN while VLAN 101 is service VLAN. Configure VRRP on AC1 and AC2, set AC1 as the active device to forward traffic. Configure HSB on the ACs so that service information on AC1 is backed up to AC2 ensuring seamless service switchover when the active AC fails.
Step 1: Configure access switch, core switch and AR.
*******************************************ACC
system-view
sysname ACC
#
vlan batch 100 to 101
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 101
*******************************************CORE
system-view
sysname CORE
#
vlan batch 100 to 102
#
dhcp enable
#
dhcp server database enable
dhcp server database recover
#
interface Vlanif101
ip address 10.23.101.1 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 102
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 102
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk pvid vlan 101
port trunk allow-pass vlan 101
#
ip route-static 0.0.0.0 0.0.0.0 10.23.101.2
******************************************AR
system-view
sysname AR
#
interface GigabitEthernet0/0/0
ip address 10.23.101.2 255.255.255.0
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
Step 2: Configure interfaces, DHCP and VRRP on WACs.
******************************************AC6005_1
system-view
sysname AC6005_1
#
vlan batch 100 102
#
dhcp enable
#
dhcp server database enable
dhcp server database recover
#
ip pool ap_management
gateway-list 10.23.100.3
network 10.23.100.0 mask 255.255.255.0
excluded-ip-address 10.23.100.1 10.23.100.2
#
interface Vlanif100
ip address 10.23.100.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.23.100.3
admin-vrrp vrid 1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 1800
dhcp select global
#
vrrp recover-delay 60
#
interface Vlanif102
ip address 10.23.102.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 102
******************************************AC6005_2
system-view
sysname AC6005_2
#
dhcp enable
#
dhcp server database enable
dhcp server database recover
#
ip pool ap_management
gateway-list 10.23.100.3
network 10.23.100.0 mask 255.255.255.0
excluded-ip-address 10.23.100.1 10.23.100.2
#
interface Vlanif100
ip address 10.23.100.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.23.100.3
admin-vrrp vrid 1
dhcp select global
#
vrrp recover-delay 60
#
interface Vlanif102
ip address 10.23.102.2 255.255.255.0
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 102
Step 3: Configure HSB service and HSB group.
******************************************AC6005_1
system-view
hsb-service 0
service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10256 peer-data-port 10256
service-keep-alive detect retransmit 3 interval 6
#
hsb-group 0
track vrrp vrid 1 interface Vlanif100
bind-service 0
hsb enable
#
hsb-service-type access-user hsb-group 0
#
hsb-service-type dhcp hsb-group 0
#
hsb-service-type ap hsb-group 0
******************************************AC6005_2
system-view
hsb-service 0
service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10256
peer-data-port 10256
service-keep-alive detect retransmit 3 interval 6
#
hsb-group 0
track vrrp vrid 1 interface Vlanif100
bind-service 0
hsb enable
#
hsb-service-type access-user hsb-group 0
#
hsb-service-type dhcp hsb-group 0
#
hsb-service-type ap hsb-group 0
#
Step 4: Configure wlan parameters and specify CAPWAP source.
******************************************AC6005_1
system-view
wlan
security-profile name MVP
security wpa-wpa2 psk pass-phrase jambo_987 aes
ssid-profile name MVP
ssid MVP
vap-profile name MVP
service-vlan vlan-id 101
ssid-profile MVP
security-profile MVP
regulatory-domain-profile name MVP
country-code CH
ap-group name MVP
regulatory-domain-profile MVP
radio 0
vap-profile MVP wlan 1 radio all
ap auth-mode mac-auth
ap-id 1 type-id 69 ap-mac 00e0-fc0c-4110 ap-sn 210235448310371B3948
ap-name AP1
ap-group MVP
******************************************AC6005_2
system-view
wlan
security-profile name MVP
security wpa-wpa2 psk pass-phrase jambo_987 aes
ssid-profile name MVP
ssid MVP
vap-profile name MVP
service-vlan vlan-id 101
ssid-profile MVP
security-profile MVP
regulatory-domain-profile name MVP
country-code CH
ap-group name MVP
regulatory-domain-profile MVP
radio 0
vap-profile MVP wlan 1 radio all
ap auth-mode mac-auth
ap-id 1 type-id 69 ap-mac 00e0-fc0c-4110 ap-sn 210235448310371B3948
ap-name AP1
ap-group MVP
Step 5: Result Confirmation.
Check VRRP.
Check HSB service.
Check HSB group.
Check AP status on WAC.
Connect the laptop to the wireless SSID, ping 8.8.8.8. Do a continuous ping and simulate WAC switchover by shutting down either the physical interface or the management vlanif interface, check if we have service interruption.