Controller Based WLANs

How to configure AP-225 with GRE striping IP for failover in VRRP environment

Aruba Employee

This article explains the method to configure the AP-225 with GRE striping IP for failover in VRRP environment.

 

AP 225 can use both ports for uplink. This feature is introduced from 6.3.1.

 

 

For this, Controller needs to have one more ip address defined in ap system profile (ideally LMS IP +1), called GRE Striping IP

 

Environment :

 

rtaImage.jpg

This feature is introduced from AOS 6.3.1.

 

Network Topology :

 

rtaImage (1).jpg

 

AP 225 can use both ports for uplink. This feature is introduced from 6.3.1.
 
For this, Controller needs to have one more ip address defined in ap system profile (ideally LMS IP +1), called GRE Striping IP
 
In Master-Local configuration, where LMS-IP is the VRRP IP running between Master_local, if we do not configure the GRE striping IP as a VRRP ip the failover would not happen. This GRE-STRIPING-IP is always tied to controller Mac in ARP resolution and this can affect failover. If AP is switch over to another controller in a VRRP environment, the AP/L3 may still hold the older ARP of the GRE-STRIPING-IP that affects failover.

If the GRE-STRIPING IP is configured as a VRRP IP then the failover would happen fine.

 


 
(Aruba) #show ap system-profile gre-strip
 
AP system profile "gre-strip"
-----------------------------
Parameter                               Value
---------                               -----
RF Band                                 g
RF Band for AM mode scanning            all
Native VLAN ID                          1
Tunnel Heartbeat Interval               1
Session ACL                             ap-uplink-acl
Corporate DNS Domain                    N/A
SNMP sysContact                         N/A
LED operating mode (11n/11ac APs only)  normal
SAP MTU                                 N/A
RAP MTU                                 1200 bytes
LMS IP                                  10.17.32.241
Backup LMS IP                           N/A
LMS IPv6                                N/A
Backup LMS IPv6                         N/A
LMS Preemption                          Disabled
LMS Hold-down Period                    600 sec
LMS ping interval                       20
GRE Striping IP                         10.17.32.242
 
As per the network topology two scenarios are configured

Scenario:1 
=========
LMS-IP is VRRP IP ( 10.17.32.241)  and the GRE striping IP with no VRRP instance ( 10.17.32.242 )


Scenario:2
=========
LMS-IP is VRRP IP ( 10.17.32.241)  and the GRE striping IP with VRRP instance ( 10.17.32.242 )
 
In scenario:1 when the AP failover to the the other controller 
 
- AP moved to the local controller
- AP comes up fine but the g Client disconnects.
- Client cannot connect to g radio till the AP is rebooted

In Scenario:2 when the AP failover to the other controller

- Client connected to g radio stays connected and can pass traffic.
 
Scenario:1
=========

Connected client to G radio and failover. Client could not connect to the AP after failover

(Local) #show vrrp 
 
 
Virtual Router 32:
    Description 
    Admin State UP, VR State MASTER
    IP Address 10.17.32.241, MAC Address 00:00:5e:00:01:20, vlan 32
    Priority 120, Advertisement 1 sec, Preemption Disable Delay 0
    Auth type NONE ********
    tracking is not enabled
 
Virtual Router 33:
    Description 
    Admin State DOWN, VR State INIT
    IP Address 10.17.32.242, MAC Address 00:00:5e:00:01:21, vlan 32
    Priority 120, Advertisement 1 sec, Preemption Disable Delay 0
    Auth type NONE ********
    tracking is not enabled
 
(Local) #show ap active 
 
Active AP Table
---------------
Name               Group    IP Address   11g Clients  11g Ch/EIRP/MaxEIRP  11a Clients  11a Ch/EIRP/MaxEIRP  AP Type  Flags  Uptime  Outer IP
----               -----    ----------   -----------  -------------------  -----------  -------------------  -------  -----  ------  --------
18:64:72:c7:08:4e  default  10.20.25.39  0            AP:HT:11/21/21       0            AP:HT:36+/21/21      225      Aa     4m:15s  N/A
 
Flags: 1 = 802.1x authenticated AP; 2 = Using IKE version 2;
       A = Enet1 in active/standby mode;  B = Battery Boost On; C = Cellular;
       D = Disconn. Extra Calls On; E = Wired AP enabled; F = AP failed 802.1x authentication;
       H = Hotspot Enabled; K = 802.11K Enabled; L = Client Balancing Enabled; M = Mesh;
       N = 802.11b protection disabled; P = PPPOE; R = Remote AP;
       S = AP connected as standby; X = Maintenance Mode; 
       a = Reduce ARP packets in the air; d = Drop Mcast/Bcast On; u = Custom-Cert RAP; 
       r = 802.11r Enabled
 
Channel followed by "*" indicates channel selected due to unsupported configured channel.
"Spectrum" followed by "^" indicates Local Spectrum Override in effect.
 
Num APs:1
 
(Local) #show user
 
Users
-----
    IP           MAC       Name   Role  Age(d:h:m)  Auth  VPN link  AP name  Roaming  Essid/Bssid/Phy  Profile  Forward mode  Type  Host Name
----------  ------------  ------  ----  ----------  ----  --------  -------  -------  ---------------  -------  ------------  ----  ---------
 
User Entries: 0/0
 Curr/Cum Alloc:0/5 Free:2/5 Dyn:2 AllocErr:0 FreeErr:0



Scenario:2
=========
Connected a client to G radio to the controller and failover is fine and client just face 3-4 ping drops during failover.
 
Master
======
 
(Aruba) # show user
 
Users
-----
    IP             MAC            Name     Role           Age(d:h:m)  Auth  VPN link  AP name            Roaming   Essid/Bssid/Phy                 Profile  Forward mode  Type  Host Name
----------    ------------       ------    ----           ----------  ----  --------  -------            -------   ---------------                 -------  ------------  ----  ---------
10.17.33.145  3c:a9:f4:7f:84:54            authenticated  00:00:03                    18:64:72:c7:08:4e  Wireless  gretest/18:64:72:f0:84:e1/g-HT  test     tunnel              
 
 
(Aruba) #show datapath  tunnel table | include 10.17.32.242
14      10.17.32.242    10.20.25.39     47   8300  1500  0    0    0    1    0     18:64:72:F0:84:E0         16          0          0 IMASPa
15      10.17.32.242    10.20.25.39     47   8310  1500  33   0    0    57   0     18:64:72:F0:84:E1       1879       3904          0 IMASPa1
 
 
 
  Source IP     Destination IP  Prot SPort DPort  Cntr Prio ToS Age Destination TAge Packets   Bytes      Flags 
--------------  --------------  ---- ----- -----  ---- ---- --- --- ----------- ---- --------- ---------  -----
10.17.168.226   10.17.33.145    1    31650 0      0/0     0 0   0   tunnel 15   c    0         0          FI 
10.17.33.145    10.17.168.226   1    31652 2048   0/0     0 0   0   tunnel 15   a    1         60         FCI
 
 
After Failover to Local
 
Local
=====
 
 
(Local) #show user-table
 
Users
-----
    IP             MAC            Name     Role           Age(d:h:m)  Auth  VPN link  AP name            Roaming   Essid/Bssid/Phy                 Profile  Forward mode  Type  Host Name
----------    ------------       ------    ----           ----------  ----  --------  -------            -------   ---------------                 -------  ------------  ----  ---------
10.17.33.145  3c:a9:f4:7f:84:54            authenticated  00:00:00                    18:64:72:c7:08:4e  Wireless  gretest/18:64:72:f0:84:e1/g-HT  test     tunnel              
 
 
(Local) #show ap active 
 
Active AP Table
---------------
Name               Group    IP Address   11g Clients  11g Ch/EIRP/MaxEIRP  11a Clients  11a Ch/EIRP/MaxEIRP  AP Type  Flags  Uptime      Outer IP
----               -----    ----------   -----------  -------------------  -----------  -------------------  -------  -----  ------      --------
18:64:72:c7:08:4e  default  10.20.25.39  2            AP:HT:11/21/21       0            AP:HT:161-/21/22     225      Aa     2h:50m:44s  N/A
 
(Local) #show vrrp 
 
 
Virtual Router 32:
    Description 
    Admin State UP, VR State MASTER
    IP Address 10.17.32.241, MAC Address 00:00:5e:00:01:20, vlan 32
    Priority 120, Advertisement 1 sec, Preemption Disable Delay 0
    Auth type NONE ********
    tracking is not enabled
 
Virtual Router 33:
    Description 
    Admin State UP, VR State MASTER
    IP Address 10.17.32.242, MAC Address 00:00:5e:00:01:21, vlan 32
    Priority 120, Advertisement 1 sec, Preemption Disable Delay 0
    Auth type NONE ********
    tracking is not enabled
 
(Local) #show datapath session table 10.17.33.145 
 
  Source IP     Destination IP  Prot SPort DPort  Cntr Prio ToS Age Destination TAge Packets   Bytes      Flags 
--------------  --------------  ---- ----- -----  ---- ---- --- --- ----------- ---- --------- ---------  -----
10.17.168.226   10.17.33.145    1    31728 0      0/0     0 0   1   tunnel 12   3    1         60         FI 
10.17.168.226   10.17.33.145    1    31729 0      0/0     0 0   1   tunnel 12   2    1         60         FI 
10.17.168.226   10.17.33.145    1    31730 0      0/0     0 0   0   tunnel 12   1    1         60         FI 
10.17.168.226   10.17.33.145    1    31716 0      0/0     0 0   1   tunnel 12   f    0         0          FI 
10.17.168.226   10.17.33.145    1    31717 0      0/0     0 0   1   tunnel 12   d    0         0          FI 
10.17.168.226   10.17.33.145    1    31718 0      0/0     0 0   1   tunnel 12   d    0         0          FI 
10.17.168.226   10.17.33.145    1    31719 0      0/0     0 0   1   tunnel 12   c    0         0          FI 
10.17.168.226   10.17.33.145    1    31714 0      0/0     0 0   1   tunnel 12   11   0         0          FI 
10.17.168.226   10.17.33.145    1    31715 0      0/0     0 0   1   tunnel 12   10   0         0          FI 
10.17.168.226   10.17.33.145    1    31724 0      0/0     0 0   1   tunnel 12   7    1         60         FI 
 
 
10.17.168.226   10.17.33.145    1    31725 0      0/0     0 0   1   tunnel 12   6    1         60         FI 
10.17.168.226   10.17.33.145    1    31726 0      0/0     0 0   1   tunnel 12   5    1         60         FI 
10.17.168.226   10.17.33.145    1    31727 0      0/0     0 0   1   tunnel 12   4    1         60         FI 
10.17.168.226   10.17.33.145    1    31720 0      0/0     0 0   1   tunnel 12   b    0         0          FI 
10.17.168.226   10.17.33.145    1    31721 0      0/0     0 0   1   tunnel 12   a    0         0          FI 
10.17.168.226   10.17.33.145    1    31722 0      0/0     0 0   1   tunnel 12   9    0         0          FI 
10.17.168.226   10.17.33.145    1    31723 0      0/0     0 0   1   tunnel 12   8    0         0          FI 
10.17.168.230   10.17.33.145    6    4343  1470   0/0     0 0   0   tunnel 12   7    11        1976       F 
10.17.168.230   10.17.33.145    6    4343  1468   0/0     0 0   1   tunnel 12   1b   6         1032       F 
10.17.168.230   10.17.33.145    6    4343  1467   0/0     0 0   1   tunnel 12   1b   7         1141       F 
 
 
10.17.33.145    10.17.168.226   1    31730 2048   0/0     0 0   0   tunnel 12   1    1         60         FCI 
10.17.33.145    10.17.168.226   1    31728 2048   0/0     0 0   0   tunnel 12   3    1         60         FCI 
10.17.33.145    10.17.168.226   1    31729 2048   0/0     0 0   0   tunnel 12   2    1         60         FCI 
10.17.33.145    10.17.168.226   1    31726 2048   0/0     0 0   0   tunnel 12   5    1         60         FCI 
10.17.33.145    10.17.168.226   1    31727 2048   0/0     0 0   0   tunnel 12   4    1         60         FCI 
10.17.33.145    10.17.168.226   1    31724 2048   0/0     0 0   0   tunnel 12   7    1         60         FCI 
10.17.33.145    10.17.168.226   1    31725 2048   0/0     0 0   0   tunnel 12   6    1         60         FCI 
10.17.33.145    10.17.168.226   1    31722 2048   0/0     0 0   0   tunnel 12   9    0         0          FCI 
10.17.33.145    10.17.168.226   1    31723 2048   0/0     0 0   0   tunnel 12   8    0         0          FCI 
10.17.33.145    10.17.168.226   1    31720 2048   0/0     0 0   0   tunnel 12   b    0         0          FCI

 

Version history
Revision #:
1 of 1
Last update:
‎11-04-2014 03:16 PM
Updated by:
 
Labels (1)
Contributors
Tags (2)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.