How do we configure HA AP fast fail over for two standalone master controllers?
From AOS code: 6.4 code we do support Master- Master Redundancy, Inter-Controller Heartbeats, Client State Sync and Over-subscription for AP standby.
This article applies to configuration on HA with two standalone master controllers.
- Use only Controller-ip in ‘ha group-profile’
- The lms-ip has to match one of the controller IPs listed in the ha group-profile
Best practices and facts:
- Configure an lms-ip in the ap system profile
- Use controller role ‘dual’ as much as possible.
- Use bkup-lms to recover from a double failure (Controller and AP).
- HA failover takes precedence over lms/bkup-lms failover.
- APs that failed over to bkup-lms will not build a standby tunnel until it has moved back to its primary lms.
- 11r & State-sync do not work because on a failover we deauth the client which makes the 11r client do a full dot1x.
Uniform global configuration across standalone masters (roles, ACLs, SSID, VAP, AAA profile, VLAN, etc..)
- APs on Master1 belong to AP-group g1 with system-profile sp1
- APs on Master2 belong to AP-group g2 with system-profile sp2
- AP system-profiles are identical except for reversed lms/bkup-lms
Offload WMS to Airwave if a unified wms database across both controllers is desirable (optional)
For ap-master discovery and availability:
- VRRP between the 2 masters and use VIP for master ip (if possible)
- Or use two A records in DNS for aruba-master that match both controllers’ IPs
- In case of CPSEC, whitelist needs to be synchronized with the appropriate ap-group
HA will blindly setup standby GRE tunnels and does not validate config sync between controllers or handle controller redundancy.
Config from controller running-config from both standalone master controllers.
ap system-profile “sp1"
ap system-profile “sp2"
ha group-profile "Cluster-A"
controller 10.10.1.1 role dual
controller 10.10.2.1 role dual
ha group-membership Cluster-A