VRRP hot standby (HSB) ensures high reliability by preventing stations network access from being interrupted due to failure of a WAC or CAPWAP links. VRRP HSB is implemented through VRRP and HSB. The master and backup ACs are determined through VRRP negotiation. The master AC manages APs and provides services for them. The backup AC receives information synchronized from the master AC and monitors the working status of the master AC. The AC in working state backs up entries to the AC in backup state in real time through HSB. If the working AC fails, the AC in backup state quickly takes over services from the master AC.

Networking description.

Two APs are deployed in active/standby mode. The GW of AP’s management is on the WAC while the GW of wireless users is on the CORE. VLAN100 is AP management VLAN while VLAN 101 is service VLAN. Configure VRRP on AC1 and AC2, set AC1 as the active device to forward traffic. Configure HSB on the ACs so that service information on AC1 is backed up to AC2 ensuring seamless service switchover when the active AC fails.

Step 1: Configure access switch, core switch and AR.

*******************************************ACC
system-view
sysname ACC
#
vlan batch 100 to 101
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 to 101

*******************************************CORE
system-view
sysname CORE
#
vlan batch 100 to 102
#
dhcp enable
#
dhcp server database enable
dhcp server database recover
#
interface Vlanif101
 ip address 10.23.101.1 255.255.255.0
 dhcp select interface
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 102
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 102
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk pvid vlan 101
 port trunk allow-pass vlan 101
#
ip route-static 0.0.0.0 0.0.0.0 10.23.101.2

******************************************AR
system-view
sysname AR
#
interface GigabitEthernet0/0/0
 ip address 10.23.101.2 255.255.255.0
#
interface LoopBack0
 ip address 8.8.8.8 255.255.255.255

Step 2: Configure interfaces, DHCP and VRRP on WACs.

******************************************AC6005_1
system-view
sysname AC6005_1
#
vlan batch 100 102
#
dhcp enable
#
dhcp server database enable
dhcp server database recover
#
ip pool ap_management
 gateway-list 10.23.100.3 
 network 10.23.100.0 mask 255.255.255.0 
 excluded-ip-address 10.23.100.1 10.23.100.2 
#
interface Vlanif100
 ip address 10.23.100.1 255.255.255.0
 vrrp vrid 1 virtual-ip 10.23.100.3
 admin-vrrp vrid 1 
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 1800
 dhcp select global
#
vrrp recover-delay 60
#
interface Vlanif102
 ip address 10.23.102.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 102

******************************************AC6005_2
system-view
sysname AC6005_2
#
dhcp enable
#
dhcp server database enable 
dhcp server database recover 
#
ip pool ap_management
 gateway-list 10.23.100.3 
 network 10.23.100.0 mask 255.255.255.0 
 excluded-ip-address 10.23.100.1 10.23.100.2 
#
interface Vlanif100
 ip address 10.23.100.2 255.255.255.0
 vrrp vrid 1 virtual-ip 10.23.100.3
 admin-vrrp vrid 1 
 dhcp select global
#
vrrp recover-delay 60
#
interface Vlanif102
 ip address 10.23.102.2 255.255.255.0
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 102

Step 3: Configure HSB service and HSB group.

******************************************AC6005_1
system-view
hsb-service 0
 service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10256 peer-data-port 10256
 service-keep-alive detect retransmit 3 interval 6
#
hsb-group 0
 track vrrp vrid 1 interface Vlanif100
 bind-service 0
 hsb enable
#
hsb-service-type access-user hsb-group 0
#
hsb-service-type dhcp hsb-group 0
#
hsb-service-type ap hsb-group 0

******************************************AC6005_2
system-view
hsb-service 0
 service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10256 
peer-data-port 10256
 service-keep-alive detect retransmit 3 interval 6
#
hsb-group 0
 track vrrp vrid 1 interface Vlanif100
 bind-service 0
 hsb enable
#
hsb-service-type access-user hsb-group 0
#
hsb-service-type dhcp hsb-group 0
#
hsb-service-type ap hsb-group 0
#

Step 4: Configure wlan parameters and specify CAPWAP source.

******************************************AC6005_1
system-view
wlan
security-profile name MVP
  security wpa-wpa2 psk pass-phrase jambo_987 aes

 ssid-profile name MVP
  ssid MVP

 vap-profile name MVP
  service-vlan vlan-id 101
  ssid-profile MVP
  security-profile MVP

 regulatory-domain-profile name MVP
  country-code CH

 ap-group name MVP
 regulatory-domain-profile MVP
  radio 0
   vap-profile MVP wlan 1 radio all 

ap auth-mode mac-auth
 ap-id 1 type-id 69 ap-mac 00e0-fc0c-4110 ap-sn 210235448310371B3948
  ap-name AP1
  ap-group MVP

******************************************AC6005_2
system-view
wlan
security-profile name MVP
  security wpa-wpa2 psk pass-phrase jambo_987 aes

 ssid-profile name MVP
  ssid MVP

 vap-profile name MVP
  service-vlan vlan-id 101
  ssid-profile MVP
  security-profile MVP

 regulatory-domain-profile name MVP
  country-code CH

 ap-group name MVP
 regulatory-domain-profile MVP
  radio 0
   vap-profile MVP wlan 1 radio all 

ap auth-mode mac-auth
 ap-id 1 type-id 69 ap-mac 00e0-fc0c-4110 ap-sn 210235448310371B3948
  ap-name AP1
  ap-group MVP

Step 5: Result Confirmation.

Check VRRP.

Check HSB service.

Check HSB group.

Check AP status on WAC.

Connect the laptop to the wireless SSID, ping 8.8.8.8. Do a continuous ping and simulate WAC switchover by shutting down either the physical interface or the management vlanif interface, check if we have service interruption.