Question: How do I make changes in a virtual AP profile in a very large network?
Product and Software: This article applies to all Aruba controllers and ArubaOS 5.x, 3.x, and 2.x.
Whenever you make a change to a virtual AP (VAP) profile that is used by a large number of APs, all the APs destroy and rebuild the VAP based on the new configuration. This work is a huge processing process, which keeps the control plane CPU load very high for an extended period.
Moreover, all users under this VAP are kicked out and clients then try to reconnect when some of the VAPs are rebuilt. Again, a huge about of processing is required. When the clients connect back, they then ask for DHCP to get the new IP address because you have changed the VLAN pool).
Note: When you change the VLAN pool side, it affects ALL clients because the client-to-VLAN mapping is based on the client MAC address hash.
Suggested Steps to Make Changes on the Controller:
Always make such changes under a maintenance window.
To make the change more "controllable," follow these steps:
1) Disable the VAP.
2) Write mem.
3) Use 'show ap essid' to monitor all controllers and AP and make sure they are no longer broadcasting this ESSID. Make sure the controllers are stabilized in terms of CPU load.
4) Confirm that the deletion is settled completely.
5) Make your change to the VAP.
6) Renable the VAP.
7) Write mem.