配置双链路热备份场景下的无线配置同步示例
组网图形
图1 配置双链路热备份示例组网图
业务需求
某企业为保证业务的正常运营,希望提高网络可靠性,同时还希望减少配置维护的工作量。为满足用户的需求,可以采用双链路热备份下应用无线配置同步的方案。这种方案下,主、备AC不受地理位置限制,部署灵活。
组网需求
- AC组网方式:旁挂二层组网。
- DHCP部署方式:Router作为DHCP服务器为AP和STA分配IP地址。
- 业务数据转发方式:直接转发。
数据规划
| 项目 | 数据 |
|---|---|
| AP管理VLAN | VLAN100 |
| STA业务VLAN | VLAN101 |
| AC备份VLAN | VLAN102 |
| DHCP服务器 | Router作为AP和STA的DHCP服务器 STA网关:10.23.101.1/24 AP网关:10.23.100.1/24 |
| AP地址池 | 10.23.100.4~10.23.100.254/24 |
| STA地址池 | 10.23.101.2~10.23.101.254/24 |
| AC源接口 | VLANIF100 |
| AC1管理IP地址 | VLANIF100接口:10.23.100.2/24 |
| AC2管理IP地址 | VLANIF100接口:10.23.100.3/24 |
| 主用AC | AC1 |
| 备用AC | AC2 |
| Master AC | AC1 |
| Local AC | AC2 |
| AP组 |
|
| 域管理模板 |
|
| SSID模板 |
|
| 安全模板 |
|
| VAP模板 |
|
| AP系统模板 |
|
| 无线配置同步定时同步 | 定时同步的起始时间:凌晨一点 定时同步的间隔时间:1440分钟 |
配置思路
- 配置AC1、AC2和其他网络设备实现网络互通。Router作为DHCP Server为AP和STA分配IP地址。
- 在AC1上配置WLAN基本业务,在AC2上仅配置WLAN私有配置。
- 配置AC1为主AC、AC2为备AC。先后在主备AC上配置双链路热备份功能。开启双链路热备份时,会重启所有AP。
- 配置双链路热备份场景下的无线配置同步。
配置注意事项
- 纯组播报文由于协议要求在无线空口没有ACK机制保障,且无线空口链路不稳定,为了纯组播报文能够稳定发送,通常会以低速报文形式发送。如果网络侧有大量异常组播流量涌入,则会造成无线空口拥堵。为了减小大量低速组播报文对无线网络造成的冲击,建议配置组播报文抑制功能。配置前请确认是否有组播业务,如果有,请谨慎配置限速值。
- 业务数据转发方式采用直接转发时,建议在直连AP的交换机接口上配置组播报文抑制。
- 业务数据转发方式采用隧道转发时,建议在AC的流量模板下配置组播报文抑制。
-
建议在与AP直连的设备接口上配置端口隔离,如果不配置端口隔离,尤其是业务数据转发方式采用直接转发时,可能会在VLAN内形成大量不必要的广播报文,导致网络阻塞,影响用户体验。
-
隧道转发模式下,管理VLAN和业务VLAN不能配置为同一VLAN,且AP和AC之间只能放通管理VLAN,不能放通业务VLAN。
- V200R021C00版本开始,配置CAPWAP源接口或源地址时,会检查和安全相关的配置是否已存在,包括DTLS加密的PSK、AC间DTLS加密的PSK、登录AP的用户名和密码、全局离线管理VAP的登录密码,均已存在才能成功配置,否则会提示用户先完成相关的配置。
- V200R021C00版本开始,AC默认开启CAPWAP控制隧道的DTLS加密功能。开启该功能,添加AP时AP会上线失败,此时需要先开启CAPWAP DTLS不认证方式(capwap dtls no-auth enable)让AP上线,以便AP获取安全凭证,AP上线后应及时关闭该功能(undo capwap dtls no-auth enable),避免未授权AP上线。
操作步骤
- 配置SwitchA、SwitchB和AC1和AC2,使AP与AC之间能够传输CAPWAP报文
# 配置SwitchA连接AP的接口GE0/0/1的PVID为VLAN100(管理VLAN)并加入VLAN100和VLAN101,SwitchA连接SwitchB的接口GE0/0/2加入VLAN100和VLAN101。
<HUAWEI> system-view [HUAWEI] sysname SwitchA [SwitchA] vlan batch 100 [SwitchA] interface gigabitethernet 0/0/1 [SwitchA-GigabitEthernet0/0/1] port link-type trunk [SwitchA-GigabitEthernet0/0/1] port trunk pvid vlan 100 [SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101 [SwitchA-GigabitEthernet0/0/1] quit [SwitchA] interface gigabitethernet 0/0/2 [SwitchA-GigabitEthernet0/0/2] port link-type trunk [SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101 [SwitchA-GigabitEthernet0/0/2] quit
# 配置汇聚交换机SwitchB连接SwitchA的接口GE0/0/1加入VLAN100和VLAN101,SwitchB连接AC1的接口GE0/0/2和SwitchB连接AC2的接口GE0/0/3加入VLAN100。
<HUAWEI> system-view [HUAWEI] sysname SwitchB [SwitchB] vlan batch 100 [SwitchB] interface gigabitethernet 0/0/1 [SwitchB-GigabitEthernet0/0/1] port link-type trunk [SwitchB-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101 [SwitchB-GigabitEthernet0/0/1] quit [SwitchB] interface gigabitethernet 0/0/2 [SwitchB-GigabitEthernet0/0/2] port link-type trunk [SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 [SwitchB-GigabitEthernet0/0/2] quit [SwitchB] interface gigabitethernet 0/0/3 [SwitchB-GigabitEthernet0/0/3] port link-type trunk [SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 [SwitchB-GigabitEthernet0/0/3] quit
# 配置AC1连接SwitchB的接口GE0/0/1加入VLAN100。
<HUAWEI> system-view [HUAWEI] sysname AC1 [AC1] vlan batch 100 [AC1] interface gigabitethernet 0/0/1 [AC1-GigabitEthernet0/0/1] port link-type trunk [AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [AC1-GigabitEthernet0/0/1] quit
# 配置AC2连接SwitchB的接口GE0/0/1加入VLAN100。
<HUAWEI> system-view [HUAWEI] sysname AC2 [AC2] vlan batch 100 [AC2] interface gigabitethernet 0/0/1 [AC2-GigabitEthernet0/0/1] port link-type trunk [AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 [AC2-GigabitEthernet0/0/1] quit
- 配置AC1、AC2和Router互通
# 配置AC1的接口GE0/0/1加入VLAN102(备份VLAN)。
[AC1] vlan batch 101 102 [AC1] interface vlanif 100 [AC1-Vlanif100] ip address 10.23.100.2 24 [AC1-Vlanif100] quit [AC1] interface vlanif 102 [AC1-Vlanif102] ip address 10.23.102.1 24 [AC1-Vlanif102] quit [AC1] interface gigabitethernet 0/0/1 [AC1-GigabitEthernet0/0/1] port trunk allow-pass vlan 102 [AC1-GigabitEthernet0/0/1] quit
# 配置AC2的接口GE0/0/1加入VLAN102。
[AC2] vlan batch 101 102 [AC2] interface vlanif 100 [AC2-Vlanif100] ip address 10.23.100.3 24 [AC2-Vlanif100] quit [AC2] interface vlanif 102 [AC2-Vlanif102] ip address 10.23.102.2 24 [AC2-Vlanif102] quit [AC2] interface gigabitethernet 0/0/1 [AC2-GigabitEthernet0/0/1] port trunk allow-pass vlan 102 [AC2-GigabitEthernet0/0/1] quit
# 配置SwitchB的接口GE0/0/2和GE0/0/3加入VLAN102,SwitchB连接Router的接口GE0/0/4加入VLAN100和VLAN101。
[SwitchB] vlan batch 101 102 [SwitchB] interface gigabitethernet 0/0/2 [SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 102 [SwitchB-GigabitEthernet0/0/2] quit [SwitchB] interface gigabitethernet 0/0/3 [SwitchB-GigabitEthernet0/0/3] port trunk allow-pass vlan 102 [SwitchB-GigabitEthernet0/0/3] quit [SwitchB] interface gigabitethernet 0/0/4 [SwitchB-GigabitEthernet0/0/4] port link-type trunk [SwitchB-GigabitEthernet0/0/4] port trunk allow-pass vlan 100 101 [SwitchB-GigabitEthernet0/0/4] quit
- 配置Router给STA和AP分配IP地址 DNS服务器地址请根据实际需要配置。常用配置方法如下:
- 接口地址池场景,需要在VLANIF接口视图下执行命令dhcp server dns-list ip-address &<1-8>。
- 全局地址池场景,需要在IP地址池视图下执行命令dns-list ip-address &<1-8>。
<Huawei> system-view [Huawei] sysname Router [Router] vlan batch 100 101 [Router] dhcp enable [Router] ip pool sta [Router-ip-pool-sta] network 10.23.101.0 mask 24 [Router-ip-pool-sta] gateway-list 10.23.101.1 [Router-ip-pool-sta] quit [Router] ip pool ap [Router-ip-pool-ap] network 10.23.100.0 mask 24 [Router-ip-pool-ap] excluded-ip-address 10.23.100.2 [Router-ip-pool-ap] excluded-ip-address 10.23.100.3 [Router-ip-pool-ap] gateway-list 10.23.100.1 [Router-ip-pool-ap] quit [Router] interface vlanif 100 [Router-Vlanif100] ip address 10.23.100.1 24 [Router-Vlanif100] dhcp select global [Router-Vlanif100] quit [Router] interface vlanif 101 [Router-Vlanif101] ip address 10.23.101.1 24 [Router-Vlanif101] dhcp select global [Router-Vlanif101] quit [Router] interface gigabitethernet 0/0/1 [Router-GigabitEthernet0/0/1] port link-type trunk [Router-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101 [Router-GigabitEthernet0/0/1] quit
- 配置AC1的WLAN基本业务
- 配置AC1的系统参数。
[AC1] wlan [AC1-wlan-view] ap-group name ap-group1 [AC1-wlan-ap-group-ap-group1] quit [AC1-wlan-view] regulatory-domain-profile name default [AC1-wlan-regulate-domain-default] country-code cn [AC1-wlan-regulate-domain-default] quit [AC1-wlan-view] ap-group name ap-group1 [AC1-wlan-ap-group-ap-group1] regulatory-domain-profile default Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y [AC1-wlan-ap-group-ap-group1] quit [AC1-wlan-view] quit [AC1] capwap source interface vlanif 100 [AC1] wlan
- 在AC1上管理AP。
[AC1-wlan-view] ap auth-mode mac-auth [AC1-wlan-view] ap-id 0 ap-mac 00e0-fc76-e360 [AC1-wlan-ap-0] ap-name area_1 [AC1-wlan-ap-0] ap-group ap-group1 Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configuration s of the radio, Whether to continue? [Y/N]:y [AC1-wlan-ap-0] quit [AC1-wlan-view] display ap all Total AP information: nor : normal [1] Extrainfo : Extra information P : insufficient power supply -------------------------------------------------------------------------------------------------- ID MAC Name Group IP Type State STA Uptime ExtraInfo -------------------------------------------------------------------------------------------------- 0 00e0-fc76-e360 area_1 ap-group1 10.23.100.254 AP5030DN nor 0 10S - -------------------------------------------------------------------------------------------------- Total: 1
- 配置AC1的WLAN业务参数。 # 创建名为“wlan-net”的安全模板,并配置安全策略。
举例中以配置WPA-WPA2+PSK+AES的安全策略为例,密码为“a1234567”,实际配置中请根据实际情况,配置符合实际要求的安全策略。
[AC1-wlan-view] security-profile name wlan-net [AC1-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes [AC1-wlan-sec-prof-wlan-net] quit
# 创建名为“wlan-net”的SSID模板,并配置SSID名称为“wlan-net”。
[AC1-wlan-view] ssid-profile name wlan-net [AC1-wlan-ssid-prof-wlan-net] ssid wlan-net [AC1-wlan-ssid-prof-wlan-net] quit
# 创建名为“wlan-net”的VAP模板,配置业务数据转发模式、业务VLAN,并且引用安全模板和SSID模板。
[AC1-wlan-view] vap-profile name wlan-net [AC1-wlan-vap-prof-wlan-net] forward-mode direct-forward [AC1-wlan-vap-prof-wlan-net] service-vlan vlan-id 101 [AC1-wlan-vap-prof-wlan-net] security-profile wlan-net [AC1-wlan-vap-prof-wlan-net] ssid-profile wlan-net [AC1-wlan-vap-prof-wlan-net] quit
# 配置AP组引用VAP模板,AP上射频0和射频1都使用VAP模板“wlan-net”的配置。
[AC1-wlan-view] ap-group name ap-group1 [AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0 [AC1-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1 [AC1-wlan-ap-group-ap-group1] quit [AC1-wlan-view] quit
- 配置AC1的系统参数。
- 配置AC2的WLAN私有配置
# 配置AC2的源接口。
[AC2] capwap source interface vlanif 100
- 配置AC间控制隧道DTLS加密 # 在AC1上配置AC间控制隧道DTLS加密
[AC1] capwap dtls inter-controller psk a1234567 [AC1] capwap dtls inter-controller control-link encrypt Warning: This operation may cause devices using CAPWAP connections to reset or go offline. Continue? [Y/N]:y [AC1] wlan
# 在AC2上配置AC间控制隧道DTLS加密[AC2] capwap dtls inter-controller psk a1234567 [AC2] capwap dtls inter-controller control-link encrypt Warning: This operation may cause devices using CAPWAP connections to reset or go offline. Continue? [Y/N]:y [AC2] wlan
- 配置主用AC1和备用AC2双链路备份功能 # 在AC1上,配置优选AC的IP地址为AC1的源地址,备选AC的IP地址为AC2的源地址。
缺省情况下,双链路备份功能未开启,执行命令ac protect enable会提示重启所有AP。AP重启后,双链路备份功能开始生效。
若双链路备份功能已开启,此处再执行命令ac protect enable不会重启AP,需要在主AC上继续执行命令ap-reset重启AP,AP重启后,双链路备份功能开始生效。
[AC1-wlan-view] ap-system-profile name wlan-net [AC1-wlan-ap-system-prof-wlan-net] primary-access ip-address 10.23.100.2 [AC1-wlan-ap-system-prof-wlan-net] backup-access ip-address 10.23.100.3 [AC1-wlan-ap-system-prof-wlan-net] quit [AC1-wlan-view] ap-group name ap-group1 [AC1-wlan-ap-group-ap-group1] ap-system-profile wlan-net [AC1-wlan-ap-group-ap-group1] quit [AC1-wlan-view] undo ac protect restore disable [AC1-wlan-view] ac protect enable Warning: This operation maybe cause AP reset, continue?[Y/N]: y
# 在AC2上,配置优选AC的IP地址为AC1的源地址,备选AC的IP地址为AC2的源地址。[AC2-wlan-view] ap-system-profile name wlan-net [AC2-wlan-ap-system-prof-wlan-net] primary-access ip-address 10.23.100.2 [AC2-wlan-ap-system-prof-wlan-net] backup-access ip-address 10.23.100.3 [AC2-wlan-ap-system-prof-wlan-net] quit [AC2-wlan-view] ap-group name ap-group1 [AC2-wlan-ap-group-ap-group1] ap-system-profile wlan-net [AC2-wlan-ap-group-ap-group1] quit [AC2-wlan-view] undo ac protect restore disable [AC2-wlan-view] ac protect enable Warning: This operation maybe cause AP reset, continue?[Y/N]: y
# 在AC1上重启AP,下发双链路备份配置信息至AP。
[AC1-wlan-view] ap-reset all Warning: Reset AP(s), continue?[Y/N]:y [AC1-wlan-view] quit
- 配置双机热备份功能
# 在AC1上创建HSB主备服务0,并配置其主备通道IP地址和端口号。
[AC1] hsb-service 0 [AC1-hsb-service-0] service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241 [AC1-hsb-service-0] quit
# 配置将WLAN业务与NAC业务绑定AC1的HSB主备服务。
[AC1] hsb-service-type ap hsb-service 0 [AC1] hsb-service-type access-user hsb-service 0
# 在AC2上创建HSB主备服务0,并配置其主备通道IP地址和端口号。
[AC2-wlan-view] quit [AC2] hsb-service 0 [AC2-hsb-service-0] service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241 [AC2-hsb-service-0] quit
# 配置将WLAN业务与NAC业务绑定AC2的HSB主备服务。
[AC2] hsb-service-type ap hsb-service 0 [AC2] hsb-service-type access-user hsb-service 0
- 配置Master AC和Local AC # 在AC1上配置AC1作为Master AC,并指定Local AC的IP地址。
[AC1] wlan [AC1-wlan-view] master controller [AC1-master-controller] local-controller ip-address 10.23.100.3 psk H@123456 [AC1-master-controller] quit
# 在AC2上配置AC2作为Local AC,并指定Master AC的IP地址。[AC2] wlan [AC2-wlan-view] master-controller ip-address 10.23.100.2 psk H@123456
# 在AC1上配置定时同步功能。
[AC1-wlan-view] synchronize-configuration auto interval 1440 start-time 01:00:00
- 手动触发无线配置同步
# 执行命令display sync-configuration status查看无线配置同步状态信息,状态为“cfg-mismatch”。需要在Master AC上手动触发无线配置同步到Local AC上。等待Local AC自动重启完成。
[AC1-wlan-view] display sync-configuration status Controller role:Master/Backup/Local ---------------------------------------------------------------------------------------------------- Controller IP Role Device Type Version Status Last synced ---------------------------------------------------------------------------------------------------- 10.23.100.3 Local ACxxxx V200R019C10 cfg-mismatch(config check fail) - ---------------------------------------------------------------------------------------------------- Total: 1 [AC1-wlan-view] synchronize-configuration Warning: This operation may reset the remote AC, synchronize configurations to it, and save all its configurations. Whether to conti nue? [Y/N]:y
- 验证配置结果
# 在Master AC和Local AC上分别执行命令display sync-configuration status,查看无线配置同步状态信息。状态为“up”表示无线配置同步功能正常。
[AC1-wlan-view] display sync-configuration status Controller role:Master/Backup/Local ----------------------------------------------------------------------------------------- Controller IP Role Device Type Version Status Last synced ----------------------------------------------------------------------------------------- 10.23.100.3 Local ACxxxx V200R019C10 up 2017-09-01/11:18:15 ----------------------------------------------------------------------------------------- Total: 1 [AC2-wlan-view] display sync-configuration status Controller role:Master/Backup/Local ----------------------------------------------------------------------------------------- Controller IP Role Device Type Version Status Last synced ----------------------------------------------------------------------------------------- 10.23.100.2 Master ACxxxx V200R019C10 up 2017-09-01/11:18:25 ----------------------------------------------------------------------------------------- Total: 1
# 在Master AC上修改公有配置时,会自动同步到Local AC上。
# 通过重启主AC的方式,模拟主AC故障的场景,验证备份配置。重启AC1,当AP与AC1的链路中断后,AC2切换为主AC,保证业务的稳定重启AC前,请执行命令save保存AC上的配置文件,以免重启后配置丢失。
# AC1重启期间,STA上业务不中断。AP切换到AC2上线,在AC2上执行命令display ap all可以查看AP的状态由standby变为normal。
# AC1重启恢复正常,触发主备回切后,AP会自动重新到AC1正常上线。
配置文件
-
# sysname SwitchA # vlan batch 100 # interface GigabitEthernet0/0/1 port link-type trunk port trunk pvid vlan 100 port trunk allow-pass vlan 100 to 101 # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 100 to 101 # return
-
# sysname SwitchB # vlan batch 100 to 102 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 to 101 # interface GigabitEthernet0/0/2 port link-type trunk port trunk allow-pass vlan 100 102 # interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 100 102 # interface GigabitEthernet0/0/4 port link-type trunk port trunk allow-pass vlan 100 to 101 # return
-
# sysname Router # vlan batch 100 to 101 # dhcp enable # ip pool sta gateway-list 10.23.101.1 network 10.23.101.0 mask 255.255.255.0 # ip pool ap gateway-list 10.23.100.1 network 10.23.100.0 mask 255.255.255.0 excluded-ip-address 10.23.100.2 10.23.100.3 # interface Vlanif100 ip address 10.23.100.1 255.255.255.0 dhcp select global # interface Vlanif101 ip address 10.23.101.1 255.255.255.0 dhcp select global # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 to 101 # return
- AC1和AC2的配置文件对比(加粗内容为AC1和AC2上的双机备份配置和无线配置同步配置,斜体内容为AC1自动同步到AC2的公有配置)
表2 配置文件对比 AC1
AC2
# sysname AC1 # vlan batch 100 to 102 # interface Vlanif100 ip address 10.23.100.2 255.255.255.0 # interface Vlanif102 ip address 10.23.102.1 255.255.255.0 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 102 # capwap source interface vlanif100 capwap dtls inter-controller control-link encrypt capwap dtls inter-controller psk %^%#*w\Z<afXL3.gRk5g|%CD62YcG!x.)Ks:m6(}V:PD%^% # hsb-service 0 service-ip-port local-ip 10.23.102.1 peer-ip 10.23.102.2 local-data-port 10241 peer-data-port 10241 # hsb-service-type access-user hsb-service 0 # hsb-service-type ap hsb-service 0 # wlan ac protect enable security-profile name wlan-net security wpa-wpa2 psk pass-phrase %^%#DmLbQP`BNIa6M}<rK3J>%m9$2xA+y-fNA<TAP&}F%^%# aes ssid-profile name wlan-net ssid wlan-net vap-profile name wlan-net service-vlan vlan-id 101 ssid-profile wlan-net security-profile wlan-net regulatory-domain-profile name default ap-system-profile name wlan-net primary-access ip-address 10.23.100.2 backup-access ip-address 10.23.100.3 synchronize-configuration auto interval 1440 start-time 01:00:00 ap-group name ap-group1 ap-system-profile wlan-net radio 0 vap-profile wlan-net wlan 1 radio 1 vap-profile wlan-net wlan 1 ap-id 0 type-id 35 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042 ap-name area_1 ap-group ap-group1 master controller local-controller ip-address 10.23.100.3 psk %^%#/q6ITBsonPkeDGXiV;!'^htAMm[n"(Z{^ES|5[^.%^%# # return# sysname AC2 # vlan batch 100 to 102 # interface Vlanif100 ip address 10.23.100.3 255.255.255.0 # interface Vlanif102 ip address 10.23.102.2 255.255.255.0 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 100 102 # capwap source interface vlanif100 capwap dtls inter-controller control-link encrypt capwap dtls inter-controller psk %^%#*w\Z<afXL3.gRk5g|%CD62YcG!x.)Ks:m6(}V:PD%^% # hsb-service 0 service-ip-port local-ip 10.23.102.2 peer-ip 10.23.102.1 local-data-port 10241 peer-data-port 10241 # hsb-service-type access-user hsb-service 0 # hsb-service-type ap hsb-service 0 # wlan ac protect enable security-profile name wlan-net security wpa-wpa2 psk pass-phrase %^%#DmLbQP`BNIa6M}<rK3J>%m9$2xA+y-fNA<TAP&}F%^%# aes ssid-profile name wlan-net ssid wlan-net vap-profile name wlan-net service-vlan vlan-id 101 ssid-profile wlan-net security-profile wlan-net regulatory-domain-profile name default ap-system-profile name wlan-net primary-access ip-address 10.23.100.2 backup-access ip-address 10.23.100.3 master-controller ip-address 10.23.100.2 psk %^%#mh|sYMl/}'U|"W/rBd\9HICmNy{,BIi0c^F:z;V#%^%# synchronize-configuration auto interval 1440 start-time 01:00:00 ap-group name ap-group1 ap-system-profile wlan-net radio 0 vap-profile wlan-net wlan 1 radio 1 vap-profile wlan-net wlan 1 ap-id 0 type-id 35 ap-mac 00e0-fc76-e360 ap-sn 210235554710CB000042 ap-name area_1 ap-group ap-group1 # return
