03-16-2010 11:09 AM
Our wireless network comprise of two 3600s (a master and a redundant master,) and a dozen of 200s and 2400s local controllers. The master controller is also a backup controller for each local controller using VRRP. When we built the Aruba WLAN with AOS 2, we agreed to keep at least 50 APs open at the master to reserve for backing up to 48 APs from a 2400 local controller. No backup LMS AP was configured in AP system profile. We are now short on reserved APs at the master for backing up because of fast WLAN growing (but slow on cash.)
Correct me if I am wrong, in AOS 2 all radius authentications only takes place at the master, so if the master controller fails the WLAN is down. But with AOS 3, if the master fails, (and no redundant master available) WLAN is still function, because the local controller can query radius for authentication (with the exception of tunnel vlan, but we only tunnel guest vlan to the master; all business Vlans are local)
With this in mind, I plan to shutdown the redundant master and convert it to a local; rebuild the master with no APs. This master will be VRRP backup for all local controllers plus all APs will have master as their backup LMS AP.
Any thoughts, suggestions are appreciated.
03-17-2010 08:15 AM
Backup LMS is a solution when controllers are not in the same broadcast domain. Because your master is currently providing backup via vrrp to each controller, I would advise you continue to do this. VRRP failover is much faster than backup LMS.
I don't remember if radius auth is only at the master in AOS 2 (it's been years since I've used that version), but yes, in AOS 3.x, the authentication occurs at the local controller aggregating the AP. The master controller's role, in addition to provisioning configuration, is to correlate WMS (classification) data from all the locals and use it for ARM calculations (assuming you're not doing WMS offload with Airwave or, *gulp*, Aruba MMS). So, if the master fails, you'll lose some of that functionality.
We have multiple data centers, each with a master controller, none of them redundant. We implement a local controller for N+1 redundancy, but again, that is not the master controller.
For the most part, your plan is sound. I would definitely get off of AOS 2 if it is an option for you.
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
03-17-2010 01:53 PM
Thank you for your advice.
When we first considered WLAN, the Aruba SE bragged about OSU as an example of successful deployment of the world largest WLAN with thousands of APs and hundreds of controllers. So your opinion is very much appreciated.
We did upgrade to AOS 3 years ago, we also had Air-wave to WMS off-load. Aruba Support warranty 48 hours turnaround time for any fail controller. I think it will work out OK.