Remote Networking

Reply
Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Provisioning Profile and AP System Profile

Does anyone know what affect the "master IP/FQDN" setting in a provisioning profile will have on the LMS/Backup LMS settings in RAP's AP system profile?

How do those two interact, and why do I need to specify the master in a provisioning profile when I've already told a RAP which master to go to when I provisioned it in its web interface? Additionally, its AP system profile has all that information as well.
Guru Elite
Posts: 20,956
Registered: ‎03-29-2007

Provisioning Profile


Does anyone know what affect the "master IP/FQDN" setting in a provisioning profile will have on the LMS/Backup LMS settings in RAP's AP system profile?

How do those two interact, and why do I need to specify the master in a provisioning profile when I've already told a RAP which master to go to when I provisioned it in its web interface? Additionally, its AP system profile has all that information as well.




In practice, the provisioning profile will override anything that is the AP system-profile. The most popular use for it is to assign USB 3G card parameters to every RAP in a group.

Hope this helps.

**Another point: If the provisioning profile redirects the AP to a controller where the AP's ap-group does NOT have a provisioning profile, the contents of the AP system profile in the group on that controller will be adhered to. The AP system profile will only override the ap system profile if the controller it connects to has a provisioning profile attached to the ap-group.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Re: Provisioning Profile and AP System Profile

Thanks Colin, that does help. However, what I'm most concerned with is, will the master ip/FQDN in a provisioning profile make the AP ignore the LMS and backup LMS settings in it's AP system-profile?
Guru Elite
Posts: 20,956
Registered: ‎03-29-2007

Yes

Yes it will. Leave it blank, and it will not override it.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Re: Provisioning Profile and AP System Profile

Ok, so at this point I need a sanity check on my config.

I removed the provisioning profile all together from the AP group so I wasn't complicating things. Now, in my AP system profile for a particular RAP, I have the IP addresses configured for the LMS IP and Backup LMS IP. When I connect my laptop to a factory defaulted RAP, I tell it to go to the master controller, which happens to be same controller listed as the primary LMS in the AP system group.

The RAP connects, downloads its software, gets its config and connects to the primary LMS. Got my VAPs, everything is working fine. Then I disconnect the Internet facing interface from my primary LMS to simulate a failure and the RAP never even tries to connect to the backup LMS IP (I'm watching it on a sniffer).

What am I missing?
Guru Elite
Posts: 20,956
Registered: ‎03-29-2007

Backup LMS


Ok, so at this point I need a sanity check on my config.

I removed the provisioning profile all together from the AP group so I wasn't complicating things. Now, in my AP system profile for a particular RAP, I have the IP addresses configured for the LMS IP and Backup LMS IP. When I connect my laptop to a factory defaulted RAP, I tell it to go to the master controller, which happens to be same controller listed as the primary LMS in the AP system group.

The RAP connects, downloads its software, gets its config and connects to the primary LMS. Got my VAPs, everything is working fine. Then I disconnect the Internet facing interface from my primary LMS to simulate a failure and the RAP never even tries to connect to the backup LMS IP (I'm watching it on a sniffer).

What am I missing?




Things are different with RAPs. There is a parameter called "IPSEC retries" in the AP system profile that is normally set to 360. That is the number of IPSEC retries before the AP will even try the backup LMS. Tune that down and you should get the desired behavior. Previously RAPs used the bootstrap threshold and the bootstrap timer, but RAPs use the IPSEC retries parameter to determine when to switch.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Re: Provisioning Profile and AP System Profile

Thanks again, Colin, I'll try it tomorrow!

Any idea what the retry period is?
Guru Elite
Posts: 20,956
Registered: ‎03-29-2007

Don't know

I do not know, but it retries continuously.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Re: Provisioning Profile and AP System Profile

Ok, thanks. I do know the RAP will reboot eventually, just like a campus AP.
Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Re: Provisioning Profile and AP System Profile

I did some testing and found no difference in failover times when changing IPSec retries or Bootstrap Threshold.

Failover time was 2mins 2secs with all the following settings:

IPSec: 5
BST: 8

IPSec: 360
BST: 8

IPSec: 360
BST: 2

IPSec: 360
BST: 32

EDIT: I also noticed that using a provisioning profile does not over-ride the LMS and Backup LMS settings in my AP System Profile. I dunno, maybe a developer would know what is going on...
Search Airheads
Showing results for 
Search instead for 
Did you mean: