Controllerless Networks

Occasional Contributor I

Aruba 3400 master redundancy in Data -Center



I have Aruba 3400 master controller in my Data Center which is conneded to 30 numbes of  remote APs through VPNoBB connectections. Remote APs are 105 and RAP5WN. In all APs master ip is set of this controller.


Now I have 1 spare 3400 controller in my Data Center. I want use the new controller as redundant with previous master. Like Acitve-Standby.


What I need to do in this regards.

Re: Aruba 3400 master redundancy in Data -Center

There's a few ways to do it (and quite a bit to it), but the first consideration and my preference is to make the IP the APs are connecting too virtual.


I.e. make the final IP the APs are targettting when they connect a VRRP instead, and change your 2 controller real addresses to something else on that same subnet. For instance, if your controller is today, instead make it .2 (and the new one .3) and create a VRRP on .1. This VRRP can be a master-backup interface if you like, or a VRRP shared with the new box as a local?


You don't say if the remote APs are targetting a public or private IP from where they are? Regardless, doing it this way should mean little or no changes to any exterior firewall or translation devices.




Kudos appreciated, but I'm not hunting! (ACMX 104)
Occasional Contributor I

Re: Aruba 3400 master redundancy in Data -Center

HI MVP Guru,


What about the  AP configurations and RAP whitelist. Should I take tftp backup of flash from the 1st controller and the restore in the 2nd or I have to configure the 2nd controller mannualy.


Kondly help

Occasional Contributor I

Re: Aruba 3400 master redundancy in Data -Center

The APs are connected in different location through VPNoBB taken from ISP. 


I am giving you one configuratin


AP 105 




gateway  (Modem LAN interface ip)


Modem wan Interface ip whch redirected to Data Center through mpls VPN 


master ip (present controller IP)

server ip




Re: Aruba 3400 master redundancy in Data -Center

Your RAP whitelist should be fine. That won't change.


Re-address the master first, setting the VRRP as the original address, and the "real" IP as something new. Do this in a booked outage! Allow yourself an hour for comfort and reboots if required.


I then always recommend building the new controller seperately, with it's layer 1 (ports), layer 2 (vlans) and layer 3 (IP config). Then, associate it to the master as a local or backup (whatever you prefer). It will then collect and sync all other config.


You might be better having a standby second controller rather than a local as this will sync RAP whitelists. The only thing you'll loose is the potential for an active-active setup. It's more high availability.


It's all private addressed based on your config, so everything else remains as it is today.



Kudos appreciated, but I'm not hunting! (ACMX 104)

Re: Aruba 3400 master redundancy in Data -Center

Actually, a master-local would work in newer versions of code I think, as there's now a feature to sync whitelists to locals. However, I haven't used that yet, so I'll stick with my previous suggestion!


Kudos appreciated, but I'm not hunting! (ACMX 104)
Search Airheads
Showing results for 
Search instead for 
Did you mean: