How to configure VPN Fast Failover on IAP ?
Product and Software: This articles applies to Aruba Instant Access Points (IAP's) running on Aruba InstantOS 22.214.171.124-126.96.36.199 and later.
Starting from Instant 3.2, IAP supports fast-failover with two tunnels with controllers. Both the tunnels are UP at the same time and when one of the tunnel goes down, IAP will use another tunnel which is already UP. Thus minimizing the time required for VPN switchover.
Before Instant 3.2, IAP establishes only one tunnel to the Controller (Either Primary or Backup). If the current tunnel goes down, IAP has to establish tunnel with the another controller.
Follow the below steps to enable VPN Fast-Failover :
Using GUI, login into Virtual Controller
Click VPN in the top-right Main Menu
Click on the Controller Tab and configure as shown in below example:
Note: "Connection Test Frequency" and "Test Packet Count" fields appear only when a character is entered is "Primary Host" field.
Connection Test Frequency: This defines the interval in seconds between two consecutive heartbeats. The default value is 10 seconds. In this case, ping to the controller's loopback address is considered as heartbeat.
Test Packet Count: The default value is 2. If two consecutive ping to controller's loopback address (heartbeats) goes unresponded, then fast failover is triggered.
Configuration via CLI is not supported, but we can always verify the configuration by SSH to the Virtual Controller.
As of Instant 3.2, Configuration via CLI is not supported.