【Problem Description】
1- Customer need to enable wireless configuration synchronization between two Wireless controllers as it is disabled.
Software version: AC6605V200R007C20SPC300.cc
Patch version: AC6605V200R007C20SPH305.pat
WLAN backup mode is VRRP HSB Scenario
2- While applying the configuration an error appeared and couldn’t proceed.
【Problem Analysis】
- Checked the documentations.
- Checked with customer in remote session.
- Checked the configuration between master and backup to make sure they are matched.
【Root Cause】
- Missing configuration.
- Some old configuration need to be modified in order the synchronization work.
【Solution】
1- Customer need to enable wireless configuration synchronization between two Wireless controllers as it is disabled.
Customer can enable the wireless configuration synchronization on the Active AC which will ensure that configurations are automatically synchronized between two ACs. When you activate it, the configuration will be matched from the active AC to the backup.
This feature allow configuring WLAN services on only one of the two ACs, ensures that these configurations are automatically synchronized to the other AC, and so greatly reduces the configuration workload. In addition, this function facilitates configuration maintenance because all configurations are synchronized between the two ACs.
To enable the feature:
1- Backup both active and standby configuration.
2- Configuration examples
CLI configuration example:
https://support.huawei.com/hedex/pages/EDOC1000153688AEG06285/07/EDOC1000153688AEG06285/07/resources/dc/dc_wlan_example_cfgsync_0003_copyto.html?ft=0&fe=10&hib=11.1.22.6.7.2&id=dc_wlan_example_cfgsync_0003&text=Example%2520for%2520Configuring%2520Wireless%2520Configuration%2520Synchronization%2520in%2520VRRP%2520HSB%2520Scenarios&docid=EDOC1000153688
GUI configuration example:
https://support.huawei.com/hedex/pages/EDOC1000153688AEG06285/07/EDOC1000153688AEG06285/07/resources/dc/dc_wlan_example_web_cfgsync_0003.html?ft=0&fe=10&hib=11.3.6.8.1&id=dc_wlan_example_web_cfgsync_0003_2&text=Example%2520for%2520Configuring%2520Wireless%2520Configuration%2520Synchronization%2520in%2520VRRP%2520HSB%2520Scenarios&docid=EDOC1000153688
In VRRP HSB and dual-tunnel HSB scenarios, wireless configuration synchronization implements automatic configuration synchronization between the master AC and backup master AC. Configurations that can be automatically synchronized are public configurations, while those that cannot be automatically synchronized are private configurations.
l Common public configurations include:
- Configurations of roaming and wireless services including radio, SSID, WLAN security, radio resource management, and positioning
- Configurations of NAC and AAA, including MAC authentication, 802.1X authentication, external Portal authentication, AAA authentication, RADIUS authentication, and TACACS authentication, excluding access user configuration and built-in Portal configuration used for local authentication
- Configurations required by wireless services, including VLAN pool, time-range, ACL, free-rule, QoS, and passthrough-domain
- URL filtering, signature database upgrade, intrusion prevention, antivirus, and Smart Application Control (SAC) configurations
l Common private configurations include:
- VLAN, interface, IP address, routing, DHCP, DNS, and IPSec configurations
- Wired configurations including basic configuration, device management, interface management, network interconnection, and network management configurations
- Wireless configuration synchronization, CAPWAP, backup, and AP online parameter configurations
- Access user configuration and built-in Portal authentication used for local authentication
- AP upgrade configurations, including the upgrade file, mode, and task, FTP server, SFTP server, and maximum number of APs that can be concurrently upgraded
2- While applying the configuration an error appeared and couldn’t proceed.
As per the following link:
Configuration Notes
In the wireless configuration synchronization scenario, the source-ip and nas-ip are not allowed to be configured based on the template. The following commands are involved:
§ Run the radius-attribute nas-ip ip-address, radius-attribute nas-ipv6 ipv6-address, radius-server accounting { ipv4-address | ipv6-address } port source ip-address { ipv4-address | ipv6-address }, and radius-server authentication { ipv4-address | ipv6-address } port source ip-address { ipv4-address | ipv6-address } commands in the RADIUS server template view.
§ Run the hwtacacs-server source-ip ip-address command in the HWTACACS server template view.
§ Run the source-ip ip-address command in the Portal server profile view.
So we needed to remove the source ip from the old configuration and reconfigure it with below commands :
To enable the source-ip and nas-ip function, run the related commands in the system view. The following commands are involved:
radius-attribute nas-ip ip-address
radius-server source ip-address { ipv4-address | ipv6-address }
hwtacacs-server source-ip ip-address
web-auth-server source-ip ip-address
Example:
Old configuration:
<AC6605> system-view
[AC6605] radius-server template group1
[AC6605-radius-group1] radius-server accounting 10.1.2.1 1813 source ip-address 10.1.1.1
New configuration:
AC6605> system-view[AC6605] radius-server template group1[AC6605-radius-group1] radius-server accounting 10.1.2.1 1813[AC6605] radius-server source ip-address 192.168.1.1( Different configuration but same function )
After modifying all unsupported configurations we run the following command to enable sync configuration:
# Configure the wireless configuration synchronization function on AC1.
[AC1] wlan
[AC1-wlan-view] master controller
[AC1-master-controller] master-redundancy peer-ip ip-address 192.168.100.2 local-ip ip-address 192.168.100.1 psk H@123456
[AC1-master-controller] master-redundancy track-vrrp vrid 1 interface vlanif 603
[AC1-master-controller] quit
[AC1-wlan-view] quit
# Configure the wireless configuration synchronization function on AC2.
[AC2] wlan
[AC2-wlan-view] master controller
[AC2-master-controller] master-redundancy peer-ip ip-address 192.168.100.1 local-ip ip-address 192.168.100.2 psk H@123456
[AC2-master-controller] master-redundancy track-vrrp vrid 1 interface vlanif 603
[AC2-master-controller] quit
[AC2-wlan-view] quit
(HSB addresses and track the VRRP vlanif )
Then from Master AC :
[AC1] synchronize-configurationWarning: This operation may reset the remote AC, synchronize configurations to it, and save all its configurations. Whether to continue? [Y/N]:y
Then the backup AC rebooted and we checked the status after it is done:
[AC1] display sync-configuration statusBoth status is up on master and backup:
