Controllerless Networks

Reply
Occasional Contributor II
Posts: 10
Registered: ‎05-27-2012

IAP - 93, More than one master??

Hello there,, 

Guys an important question please b pateint and read the brief.....

 

i have this situation when i want to deploy 3 IAP-93 (Instant), and there is a dot1x policy on the ports, so we connected them to a trunk and gave them IPs from the native VLAN, and they want two with the same SSID, and the other with a different one and disabled join mode feature, and i configured them manually with the IPs and stuff,, so if i put the two they will broadcast, and the other will not, and if i turn off that two the other will work and broadcast. 

 

So, i think there is a conflict that there are maybe two masters !! on the same VLAN.... please any thoughts ??? 

 

or a solution ... 

 

Monther Jaber

Moderator
Posts: 55
Registered: ‎10-14-2011

Re: IAP - 93, More than one master??

On the switch that you have connected the IAPs to, you will have to disallow the VLAN on the port for the other IAP network. You have the ports in trunk mode now.

 

Shashi

Occasional Contributor II
Posts: 10
Registered: ‎05-27-2012

Re: IAP - 93, More than one master??

Thanks a lot man.... 

but do you mean to dissallow the native VLAN?? or the Network(SSID) VLAN?? 

because they have the security policy on the ACS (Cisco) and they can give IPs for the IAPs from the management (Native VLAN). 

they have it - the management VLAN (127) 

                       the user network (VLAN 70) - on 2 IAPs. 

                       another user network (VLAN 71) - on 1 IAP. 

 

thanks again.

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: IAP - 93, More than one master??

I think what Sassy is saying is that you need to separate the clusters by VLAN.  You can't have IAPs on the same VLAN in two different clusters (AFAIK - please correct me if I am mistaken).

 

Put the two IAPs on VLAN 127 and the other IAP on VLAN 128 (for example).   The users can be on the same VLAN or not, but the management function needs to be split.

Occasional Contributor II
Posts: 10
Registered: ‎05-27-2012

Re: IAP - 93, More than one master??

Thanks Olino.... 

see.... 

the problem is that because of the security policy of these guys ,,, they cannot put them on different VLANs .... so, i guess there is no solution per the given criteria to be on the same VLAN?? or work around?? 

 

Monther

Moderator
Posts: 55
Registered: ‎10-14-2011

Re: IAP - 93, More than one master??

Correct, you can't have two different IAP networks on the same VLAN.

 

Shashi

Occasional Contributor II
Posts: 10
Registered: ‎05-27-2012

Re: IAP - 93, More than one master??

what i mean Shashi is ,, the networks are on different VLANs,, but the IAPs have a static IPs from the Native Management VLAN. and that's their policy,, they have a dot1x security on the ports(Access) or we have to use trunk ports from the switch,, because the IAP can not authenticate. 

but when we run all IAPs a conflict occurs i think, the first one to broadcast will be normal,, and the other will freeze at the point that "master election" ,, so what i asked even if i disabled the (auto join mode). it still like conflict because maybe there is like two masters???? 

 

appreciate you answers,, 

 

Monther

Moderator
Posts: 55
Registered: ‎10-14-2011

Re: IAP - 93, More than one master??

Ah I see - so it was what I understood the first time around :)

 

For example, IAP 1 is on VLAN 10 and IAP 2 is on VLAN 20. The ports on the switch that you have physically connected the IAPs to are trunk ports. Say IAP 1 is connected to gige 1/0 and IAP 2 is connected to gige 2/0.

 

For example, from cisco documentation:

"By default, a trunk port sends traffic to and receives traffic from all VLANs. All VLAN IDs are allowed on each trunk. However, you can remove VLANs from this inclusive list to prevent traffic from the specified VLANs from passing over the trunk. You can add any specific VLANs later that you may want the trunk to carry traffic for back to the list."

 

For your setup, you can do something like the following (this is from memory, so please check proper documentation for the right commands):

 

interface gig1/0

 switchport mode trunk

 switchport trunk native VLAN 10

 switch trunk allowed vlan all except 20

 

This will prevent the IAPs from "hearing" each other and they will become masters in their own network.

 

Let me know if this helps.

Shashi

Occasional Contributor II
Posts: 10
Registered: ‎05-27-2012

Re: IAP - 93, More than one master??

Thanks a lot Shashi......

i will and update you. 

 

Monther

Occasional Contributor II
Posts: 10
Registered: ‎05-27-2012

Re: IAP - 93, More than one master??

ok.... Shashi .. 

they don't have a VTP on the switches so nothing is passed by default,..... 

so... as a conclusion i think in our situation they will conflict. 

we have to move one of them to another VLAN. 

 

appreciate your efforts guys... 

 

Thanks

 

Monther

Search Airheads
Showing results for 
Search instead for 
Did you mean: