Campus Switching and Routing

Frequent Contributor I

using vrrp for simple ip failover

Due to the securelogin.arubanetworks.com certificate revocation, we forward our authenticated guests now to our master controller.

 

But this of course is a single point of failure. Therefore I'm thinking of using VRRP to create redundancy.

 

Setup : one master (192.168.100.251), one local (192.168.100.252)...

 

Am I correct that adding the following would be sufficient:

 

I reserved a new ip 192.168.100.250 for vrrp.

 

master:

vrrp
  vlan 100
  ip address 192.168.100.250
  priority 110
  no shutdown

local:

vrrp
  vlan 100
  ip address 192.168.100.250
  priority 100
  no shutdown

 

Or is it possible to use the same ip address in vlan 100 which is now used by the master controller (which is now 192.168.100.251)?

Guru Elite

Re: using vrrp for simple ip failover

You are doing it right.

 

The last step is to go into the AP System Profile and change the LMS-IP to 192.168.100.250. That will have the access point set up its connection to the VRRP, after it has discovered either controller.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I

Re: using vrrp for simple ip failover

Is that LMS change a must?  

Guru Elite

Re: using vrrp for simple ip failover

If an AP discovers a controller and there is no LMS, it will only communicate with the controller that it found.  If you use an LMS, it will be redirected to the LMS-IP address, instead.



Colin Joseph
Aruba Customer Engineering


Frequent Contributor I

Re: using vrrp for simple ip failover

Please let me make it more clear... Currently we have LMS IP 192.168.100.251 and backup LMS 192.168.100.252. In ClearPass I currently redirect to the master controller IP (which is also 192.168.100.251). I introduce VRRP with IP 192.168.100.250. I'm not really interested in aligning the VRRP and LMS to the same IP (although I agree it's cleaner). Or in other words, the LMS is used for terminating the APs. And I use VRRP for terminating ClearPass forwarding (if I can call it that way).

Guru Elite

Re: using vrrp for simple ip failover

Without bringing ClearPass into the conversation, if you point the LMS to the VRRP that is enough for AP redundancy. The AP will be able to tell that it is terminating on a VRRP and if one controller goes away, the AP will attempt to connect to the VRRP a second time, without rebooting, knowing it is a VRRP.



Colin Joseph
Aruba Customer Engineering


Guru Elite

Re: using vrrp for simple ip failover

The way you have it currently set up, if your first controller is down and the AP boots, it will find the second controller and be immediately sent to the LMS which is LMS 192.168.100.252. The AP will be stuck there trying to find the first controller, instead of going to the VRRP.



Colin Joseph
Aruba Customer Engineering
