Controller Based WLANs

 View Only
last person joined: one year ago 

APs, Controllers, VIA
Back to Library

How do we configure HA AP fast fail over for two standalone master controllers? 

Nov 25, 2015 07:08 PM

Q:

  How do we configure HA AP fast fail over for two standalone master controllers?



A:

From AOS code: 6.4 code we do support Master- Master Redundancy, Inter-Controller Heartbeats, Client State Sync  and Over-subscription for AP standby.

This article applies to configuration on HA with two standalone master controllers.

Basic config

  1. Use only Controller-ip in ‘ha group-profile’
  2. The lms-ip has to match one of the controller IPs listed in the ha group-profile

Best practices and facts:

  • Configure an lms-ip in the ap system profile
  • Use controller role ‘dual’ as much as possible.
  • Use bkup-lms to recover from a double failure (Controller and AP).
  • HA failover takes precedence over lms/bkup-lms failover.
  • APs that failed over to bkup-lms will not build a standby tunnel until it has moved back to its primary lms.
  • 11r & State-sync do not work because on a failover we deauth the client which makes the 11r client do a full dot1x.

 

Requirements:

Uniform global configuration across standalone masters (roles, ACLs, SSID, VAP, AAA profile, VLAN, etc..)

Assumptions:

  • APs on Master1 belong to AP-group g1 with system-profile sp1
  • APs on Master2 belong to AP-group g2 with system-profile sp2
  • AP system-profiles are identical except for reversed lms/bkup-lms

Hints:

Offload WMS to Airwave if a unified wms database across both controllers is desirable (optional)

For ap-master discovery and availability:

  1. VRRP between the 2 masters and use VIP for master ip (if possible)
  2. Or use two A records in DNS for aruba-master that match both controllers’ IPs
  3. In case of CPSEC, whitelist needs to be synchronized with the appropriate ap-group

Warnings:

HA will blindly setup standby GRE tunnels and does not validate config sync between controllers or handle controller redundancy.

Config from controller running-config from both standalone master controllers.

ap system-profile “sp1"
  lms-ip 10.10.1.1
  bkup-lms-ip 10.10.2.1

  lms-preemption
!
ap system-profile “sp2"
  lms-ip 10.10.2.1
  bkup-lms-ip 10.10.1.1

  lms-preemption
!
ap-group “g1"
  ap-system-profile “sp1"
!
ap-group “g2"
  ap-system-profile “sp2

 

ha group-profile "Cluster-A"
  preemption

  state-sync

  pre-shared-key aruba2hp
  heartbeat
  controller 10.10.1.1 role dual
  controller 10.10.2.1 role dual
!
ha group-membership Cluster-A

 

 

 

Statistics
0 Favorited
4 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.