Wired Intelligent Edge

Hi there,

Currenty our setup consists of 2 controllers with a master (active) master (standby) solution using VRRP.

 

I have a question regarding the default gateway of each interface.

 

Currently we have 2 VLANS configured on the controller ( one for guest , one for corporate clients ) with 2 different subnets. 

Say we set the IP on the first controller for one of the VLANS to 172.16.0.1 and on the second controller it is 172.16.0.2.  If the default gateway is the controller, when controller 1 fails and controller 2 comes online how do we configure this so it can reach it's default gateway?

 

Thanks

What is the default gateway of your clients? If the controller is not the default gateway, clients will continue to contact that IP address to get off of their subnet so a vrrp is not needed on the controller.

Hi Colin,

 

The default gateway is the controller for the clients.

 

In this case does a VRRP need set up for both of these VLANS?

 

Thanks

Honestly, you should have a routing device be the default gateway, so that you can have an external DHCP server and external redundancy. If the controller is the default gateway, you would have to duplicate DHCP scopes and have a shared VRRP of some sort in both controllers. You would also end up with half the IP addresses because you would have to exclude duplicate ranges on each controller. This is not a good design to do redundancy with.

Hi Colin,

 

Thanks for your reply.  We have an external DHCP server but we were just using the controller as the default GW - unfortunately it is not an option for us to use our switch as a default GW so it limits our options with this.

Should a VRRP setup work ok for this with external DHCP?

Is there already a second controller in the picture? What is it doing currently? We would need to know more to advise you.

Yip so currently:

 

2 x Controllers

VRRP has been setup on the first interface on each controller so we have a master (primary) and master(standby) and this is syncing the config between the controllers.

 

Both controllers have VLANs configured for the corporate and the guest networks.  On the first controller the IP interface is .1 and on the second the IP interface is .2 for each subnet.

 

The default gateway has been set to the controller.

So if the default gateway for clients is on the controller, you would need a route to point from your infrastructure to the IP address of the controller so your clients can discover other networks, right? If yes, what device has that route?

By creating a static route on our firewall.

You would:

-create a vrrp between the two controllers on the management vlan
- point your static route on your firewall to that VRRP
- you would also need to point your aruba-master dns entry to that VRRP and turn off ADP discovery on those controllers, because both controllers can see and answer AP join requests. You dont want the backup master answering ADP join requests.

That should be about it..