Ipsec stateful failover configuration example, Network requirements, Configuring ac 1 – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

360

IPsec stateful failover configuration example

Network requirements

A company uses ACs and APs to construct its internal network. IPsec and reliability are required between

ACs and APs.
Configure the ACs as follows:

•

Assign the ACs to the VLAN to which the AP belongs.

•

Configure stateful failover between AC 1 and AC 2. The ACs send heartbeat packets to each other
through the switch.

•

Set up an IPsec tunnel between AC 1 and the AP and an IPsec tunnel between AC 2 and the AP, and
set up LWAPP tunnels based on the IPsec tunnels.

Figure 148 Network diagram

Configuring AC 1

# Configure an IP address for VLAN-interface 1.

<AC1> system-view

[AC1] interface Vlan-interface 1

[AC1-Vlan-interface1] ip address 133.1.1.1 16

[AC1-Vlan-interface1] quit

# Enable stateful failover and set the stateful failover heartbeat interval.

[AC1] hot-backup enable

[AC1] hot-backup hellointerval 100

# Set the IKE SA keepalive interval.

[AC1] ike sa keepalive-timer interval 20

# Set the IKE SA keepalive timeout.

[AC1] ike sa keepalive-timer timeout 60

# Enable invalid SPI recovery.

[AC1] ipsec invalid-spi-recovery enable

# Create an IPsec proposal named tran1.