12-18-2013 01:51 AM
I have an Aruba 3400 master controller in my Data Center which is connected to 30 remote APs through VPNoBB connections. Remote APs are 105 and RAP5WN. In all APs the master IP is set to this controller.
Now I have 1 spare 3400 controller in my Data Center. I want to use the new controller as redundant with the previous master, like Active-Standby.
What do I need to do in this regard?
12-18-2013 01:57 AM
There are a few ways to do it (and quite a bit to it), but the first consideration and my preference is to make the IP the APs are connecting to virtual.
I.e. make the final IP the APs are targeting when they connect a VRRP instead, and change your 2 controller real addresses to something else on that same subnet. For instance, if your controller is 192.168.0.1 today, instead make it .2 (and the new one .3) and create a VRRP on .1. This VRRP can be a master-backup interface if you like, or a VRRP shared with the new box as a local?
You don't say if the remote APs are targeting a public or private IP from where they are? Regardless, doing it this way should mean little or no changes to any exterior firewall or translation devices.
12-18-2013 03:19 AM
Hi MVP Guru,
What about the AP configurations and RAP whitelist? Should I take a TFTP backup of flash from the 1st controller and then restore it on the 2nd, or do I have to configure the 2nd controller manually?
12-18-2013 03:29 AM
The APs are connected in different location through VPNoBB taken from ISP.
I am giving you one configuration:
gateway 10.100.19.1 (Modem LAN interface ip)
Modem WAN interface ip 10.14.169.4, which is redirected to Data Center through MPLS VPN
master ip 10.100.43.1 (present controller IP)
server ip 10.100.43.1
12-18-2013 04:10 AM - edited 12-18-2013 04:11 AM
Your RAP whitelist should be fine. That won't change.
Re-address the master first, setting the VRRP as the original address, and the "real" IP as something new. Do this in a booked outage! Allow yourself an hour for comfort and reboots if required.
I then always recommend building the new controller separately, with its layer 1 (ports), layer 2 (VLANs) and layer 3 (IP config). Then, associate it to the master as a local or backup (whatever you prefer). It will then collect and sync all other config.
You might be better having a standby second controller rather than a local as this will sync RAP whitelists. The only thing you'll lose is the potential for an active-active setup. It's more high availability.
It's all private addressed based on your config, so everything else remains as it is today.
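Added example (not part of the original posts and not Aruba's own configuration): a sketch of the re-addressing and master-standby setup described in the reply above, in ArubaOS 6.x CLI. Only 10.100.43.1 comes from the thread; VLAN 43, VRRP ID 43, the /24 mask, the .2/.3 real addresses, the priority and sync period values and the `<PRE-SHARED-KEY>` placeholder are assumptions.

```text
! ---- Existing controller (stays the active master) ----
! Move the real interface address off .1 so .1 can become the VRRP address.
interface vlan 43
   ip address 10.100.43.2 255.255.255.0
!
! The APs keep targeting 10.100.43.1, which is now the virtual address.
vrrp 43
   ip address 10.100.43.1
   vlan 43
   priority 110
   no shutdown
!
! Pair with the standby; the key protects the master-to-master IPsec tunnel
! and must be identical on both controllers.
master-redundancy
   master-vrrp 43
   peer-ip-address 10.100.43.3 ipsec <PRE-SHARED-KEY>
!
! Periodic sync of the local databases (including the RAP whitelist), in minutes.
database synchronize period 30

! ---- New controller (standby master) ----
! Build layer 1/2/3 first, then add the same VRRP instance at lower priority.
interface vlan 43
   ip address 10.100.43.3 255.255.255.0
!
vrrp 43
   ip address 10.100.43.1
   vlan 43
   priority 100
   no shutdown
!
master-redundancy
   master-vrrp 43
   peer-ip-address 10.100.43.2 ipsec <PRE-SHARED-KEY>
!
database synchronize period 30
```

After both sides are up, `show vrrp` and `show database synchronize` on each controller confirm which one holds the virtual address and whether the last sync succeeded.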
12-18-2013 04:17 AM
Actually, a master-local would work in newer versions of code I think, as there's now a feature to sync whitelists to locals. However, I haven't used that yet, so I'll stick with my previous suggestion!