轉(zhuǎn)載自微信公眾號：網(wǎng)絡(luò)之路博客 

三層漫游數(shù)據(jù)包的過程（隧道轉(zhuǎn)發(fā)模式下）

漫游前數(shù)據(jù)包的走向
1、STA發(fā)送數(shù)據(jù)報文給HAP
2、HAP通過CAPWAP隧道把報文發(fā)送給HAC
3、HAC收到以后把業(yè)務(wù)報文送給上層設(shè)備處理轉(zhuǎn)發(fā)

漫游后數(shù)據(jù)包的走向
1、STA發(fā)送數(shù)據(jù)報文給FAP
2、FAP通過CAPWAP隧道把報文發(fā)送給FAC
3、FAC通過AC間的隧道把報文發(fā)送給HAC
4、HAC把報文送往上層設(shè)備處理轉(zhuǎn)發(fā)

可以看到其實數(shù)據(jù)包最終還是由原來的AC處理，而FAC只是做了個代理通過AC之間的隧道來把數(shù)據(jù)包交給AC。

三層漫游數(shù)據(jù)包的過程（直接轉(zhuǎn)發(fā)模式下）

在AC間三層漫游的直接轉(zhuǎn)發(fā)比較麻煩，而且處理過程比隧道轉(zhuǎn)發(fā)還要多。

漫游前的數(shù)據(jù)轉(zhuǎn)發(fā)
1、STA發(fā)送數(shù)據(jù)包報文給HAP
2、HAP收到以后把數(shù)據(jù)包交給HAC（如果是旁掛模式，則直接交給對應(yīng)VLAN的網(wǎng)關(guān)設(shè)備處理來路由到需要去的目的地）
3、HAC收到以后把數(shù)據(jù)報文交給上層設(shè)備處理轉(zhuǎn)發(fā)

漫游后的數(shù)據(jù)轉(zhuǎn)發(fā)
1、STA把數(shù)據(jù)包轉(zhuǎn)發(fā)給FAP
2、FAP收到報文后，交給HAC處理（如果旁掛模式，必須將該業(yè)務(wù)的數(shù)據(jù)包由FAC處理，否則漫游后的數(shù)據(jù)包不通）
3、FAC收到后，把數(shù)據(jù)包從AC間的隧道發(fā)送給HAC
4、HAC收到后，把報文轉(zhuǎn)發(fā)給HAP
5、HAP在將數(shù)據(jù)報文按正常的方式轉(zhuǎn)發(fā)

可以看到三層漫游的直接轉(zhuǎn)發(fā)非常麻煩，通常情況下，我們理解直接轉(zhuǎn)發(fā)的處理過程肯定比隧道轉(zhuǎn)發(fā)要簡便，但是在三層AC間漫游的過程中，確變得比較復(fù)雜，所以在三層AC間漫游的情況下，建議用隧道方式相比更加簡單些。

家鄉(xiāng)代理的作用

其實可以看到在三層直接轉(zhuǎn)發(fā)的模式下相比來說非常繁瑣，而家鄉(xiāng)代理的作用就是減輕HAP的負擔，它可以指定HAC直接轉(zhuǎn)發(fā)數(shù)據(jù)包，省去了FAC把數(shù)據(jù)包通過隧道發(fā)給HAC的時候，在發(fā)給HAP做轉(zhuǎn)發(fā)的過程。

拓撲介紹

這里是官方給出的拓撲，這里主要重點在于兩邊的業(yè)務(wù)VLAN都是同一個，但是AC_1提供的在192.168.101.0/24網(wǎng)段，而AC_2的網(wǎng)段則提供在192.168.102.0/24網(wǎng)段，VLAN ID相同，但網(wǎng)段不一樣，這個其實也是屬于三層漫游的。

說明：這里還是以官方給的拓撲做介紹，ENSP目前無法支持AC間漫游，所以這里無法演示。

Switch_1配置

[SW1] vlan batch 100 101
[SW1] interface gigabitethernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type trunk
[SW1-GigabitEthernet0/0/1] port trunk pvid vlan 100
[SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[SW1-GigabitEthernet0/0/1] quit
[SW1] interface gigabitethernet 0/0/2
[SW1-GigabitEthernet0/0/2] port link-type trunk
[SW1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[SW1-GigabitEthernet0/0/2] quit

Switch_2配置

[SW2] vlan batch 100 101
[SW2] interface gigabitethernet 0/0/1
[SW2-GigabitEthernet0/0/1] port link-type trunk
[SW2-GigabitEthernet0/0/1] port trunk pvid vlan 100
[SW2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[SW2-GigabitEthernet0/0/1] quit
[SW2] interface gigabitethernet 0/0/2
[SW2-GigabitEthernet0/0/2] port link-type trunk
[SW2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[SW2-GigabitEthernet0/0/2] quit

AC-1的配置（只包含AP上線以及WLAN業(yè)務(wù)配置）

[AC_1] dhcp enable
[AC_1] vlan batch 100 101
[AC_1] interface gigabitethernet 0/0/1
[AC_1-GigabitEthernet0/0/1] port link-type trunk
[AC_1-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[AC_1-GigabitEthernet0/0/1] quit

[AC_1] interface gigabitethernet 0/0/2
[AC_1-GigabitEthernet0/0/2] port link-type trunk
[AC_1-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[AC_1-GigabitEthernet0/0/2] quit

[AC_1] interface vlanif 100
[AC_1-vlanif100] ip address 192.168.100.1 255.255.255.0
[AC_1-vlanif100] dhcp select interface
[AC_1-vlanif100] dhcp server excluded-ip-address 192.168.100.2
[AC_1-vlanif100] quit

[AC_1] interface vlanif 101
[AC_1-vlanif101] ip address 192.168.101.1 255.255.255.0
[AC_1-vlanif101] dhcp select interface
[AC_1-vlanif101] quit

[AC_1] interface wlan-ess 1
[AC_1-Wlan-Ess1] port hybrid pvid vlan 101
[AC_1-Wlan-Ess1] port hybrid untagged vlan 101

[AC_1] wlan
[AC_1-wlan-view] wlan ac source interface vlanif 100
[AC_1-wlan-view] ap id 1 type-id 19 mac 60de-4476-e360
[AC_1-wlan-view] wmm-profile name wmm id 1
[AC_1-wlan-wmm-prof-wmm] quit
[AC_1-wlan-view] radio-profile name radio id 1
[AC_1-wlan-radio-prof-radio] wmm-profile name wmm
[AC_1-wlan-radio-prof-radio] quit
[AC_1-wlan-view] security-profile name security id 1
[AC_1-wlan-sec-prof-security] quit
[AC_1-wlan-view] traffic-profile name traffic id 1
[AC_1-wlan-traffic-prof-traffic] quit
[AC_1-wlan-view] service-set name huawei1 id 1
[AC_1-wlan-service-set-huawei1] ssid huawei1
[AC_1-wlan-service-set-huawei1] wlan-ess 1
[AC_1-wlan-service-set-huawei1] security-profile name security
[AC_1-wlan-service-set-huawei1] traffic-profile name traffic
[AC_1-wlan-service-set-huawei1] service-vlan 101
[AC_1-wlan-service-set-huawei1] vlan-mobility-group 101 （必須）
[AC_1-wlan-service-set-huawei1] forward-mode tunnel
[AC_1-wlan-service-set-huawei1] quit

AC-2的配置（只包含AP上線以及WLAN業(yè)務(wù)配置）

[AC_2] dhcp enable
[AC_2] vlan batch 100 101
[AC_2] interface gigabitethernet 0/0/1
[AC_2-GigabitEthernet0/0/1] port link-type trunk
[AC_2-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 101
[AC_2-GigabitEthernet0/0/1] quit

[AC_2] interface gigabitethernet 0/0/2
[AC_2-GigabitEthernet0/0/2] port link-type trunk
[AC_2-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 101
[AC_2-GigabitEthernet0/0/2] quit

[AC_2] interface vlanif 100
[AC_2-vlanif100] ip address 192.168.100.2 255.255.255.0
[AC_2] interface vlanif 101
[AC_2-vlanif101] ip address 192.168.102.1 255.255.255.0
[AC_2-vlanif101] dhcp select interface

[AC_2] interface wlan-ess 1
[AC_2-Wlan-Ess1] port hybrid pvid vlan 101
[AC_2-Wlan-Ess1] port hybrid untagged vlan 101

[AC_2] wlan
[AC_2-wlan-view] wlan ac source interface vlanif 100
[AC_2-wlan-view] ap id 1 type-id 19 mac 60de-4476-e360
[AC_2-wlan-view] wmm-profile name wmm id 1
[AC_2-wlan-wmm-prof-wmm] quit
[AC_2-wlan-view] radio-profile name radio id 1
[AC_2-wlan-radio-prof-radio] wmm-profile name wmm
[AC_2-wlan-radio-prof-radio] quit
[AC_2-wlan-view] security-profile name security id 1
[AC_2-wlan-sec-prof-security] quit
[AC_2-wlan-view] traffic-profile name traffic id 1
[AC_2-wlan-traffic-prof-traffic] quit
[AC_2-wlan-view] service-set name huawei1 id 1
[AC_2-wlan-service-set-huawei1] ssid huawei1
[AC_2-wlan-service-set-huawei1] wlan-ess 1
[AC_2-wlan-service-set-huawei1] security-profile name security
[AC_2-wlan-service-set-huawei1] traffic-profile name traffic
[AC_2-wlan-service-set-huawei1] service-vlan 101
[AC_2-wlan-service-set-huawei1]forward-mode tunnel
[AC_2-wlan-service-set-huawei1] vlan-mobility-group 102 （必須，而且區(qū)分與AC_1）
[AC_2-wlan-service-set-huawei1] quit

漫游功能相關(guān)配置

[AC_1] master-controller enable
[AC_1] master controller
[AC_1-master-controller] ac id 1 ip 192.168.100.1
[AC_1-master-controller] ac id 2 ip 192.168.100.2
[AC_1-master-controller] mobility-group name mobility
[AC_1-mc-mg-mobility] member ac id 1
[AC_1-mc-mg-mobility] member ac id 2
說明：AC_1的配置，它作為master controller，然后在controller里面定義了漫游組，屬于同一個漫游組的AC之間是可以漫游的。

[AC_2-wlan-view] master-controller ip 192.168.100.1
而AC_2的配置比較簡單，只需要指定controller在哪即可，漫游組信息由master告訴其他AC成員。

下發(fā)業(yè)務(wù)給AP

[AC_1] wlan
[AC_1-wlan-view] ap 1 radio 0
[AC_1-wlan-radio-1/0] radio-profile name radio
[AC_1-wlan-radio-1/0] service-set name huawei1
[AC_1-wlan-radio-1/0] quit
[AC_1-wlan-view] commit ap 1
Warning: Committing configuration may cause service interruption,continue?[Y/N]y

[AC_2] wlan
[AC_2-wlan-view] ap 1 radio 0
[AC_2-wlan-radio-1/0] radio-profile name radio
[AC_2-wlan-radio-1/0] service-set name huawei1
[AC_2-wlan-radio-1/0] quit
[AC_2-wlan-view] commit ap 1
Warning: Committing configuration may cause service interruption,continue?[Y/N]y

測試

這里把一個客戶端連接到AP_1上后，可以通過命令查看
[AC_1-wlan-view] display station assoc-info all
——————————————————————————
STA MAC AP ID RADIO ID SS ID SSID
——————————————————————————
0025-86aa-0d1c 1 0 1 huawei1
——————————————————————————
Total stations: 1
目前該客戶端關(guān)聯(lián)上來了，當把客戶端從AP_1移動到AP_2的范圍內(nèi)

[AC_2-wlan-view] display station assoc-info all
——————————————————————————
STA MAC AP ID RADIO ID SS ID SSID
——————————————————————————
0025-86aa-0d1c 1 0 1 huawei1
——————————————————————————
Total stations: 1

這時候AP_2上面已經(jīng)有關(guān)于客戶端的信息了。

[AC_2-wlan-view] display station roam-track sta 0025-86aa-0d1c
Access SSID:huawei1 Rx/Tx:Rx-Rate/Tx-Rate Mbps
——————————————————————————
L2/L3 AC IP
AP/Radio BSSID TIME In Rx/Tx RSSI Out Rx/Tx RSSI
——————————————————————————
— 192.168.100.1
1/0 60de-4476-e360 2014/01/03 11:46:12 61/61 -51 46/13 -48
L3 192.168.100.2
1/0 dcd2-fc04-b500 2014/01/03 11:48:17 61/61 -58 -/- –
——————————————————————————
Number of roam track: 1

說明：

ENSP目前無法支持AC間漫游，所以這里無法演示。

網(wǎng)絡(luò)之路博客公眾號提供Cisco、華為、H3C、防火墻、VPN、無線等網(wǎng)絡(luò)知識點分享與應(yīng)用，想了解更多企業(yè)技術(shù)應(yīng)用與組網(wǎng)案例，關(guān)注我們（公眾號菜單欄陸續(xù)在更新排列，不管你是青銅入坑的小白沒有學習方向感到迷茫，還是想提升段位充實自己來升職加薪，都有您需要的哦）