
using vrrp for simple ip failover

  • 1.  using vrrp for simple ip failover

    Posted Oct 25, 2016 03:46 AM

    Due to the securelogin.arubanetworks.com certificate revocation, we forward our authenticated guests now to our master controller.

    But this of course is a single point of failure.  Therefore I'm thinking of using VRRP to create redundancy.

    Setup : one master (192.168.100.251), one local (192.168.100.252)...

    Am I correct that adding the following would be sufficient:

    I reserved a new IP 192.168.100.250 for VRRP.


    master:
      vrrp
        vlan 100
        ip address 192.168.100.250
        priority 110
        no shutdown

    local:
      vrrp
        vlan 100
        ip address 192.168.100.250
        priority 100
        no shutdown


    Or is it possible to use the same IP address in VLAN 100 which is now used by the master controller (which is now 192.168.100.251)?
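
Added example (not part of the original thread, and not Aruba code): the master election and takeover timing that RFC 3768 (VRRPv2) defines, applied to the two priorities and the virtual IP from the post above. It assumes the RFC defaults (1-second advertisement interval, preemption enabled); the `Router` class and the function names are made up for this illustration.

```python
# Added example: VRRPv2 election and failover timing as specified in RFC 3768.
from dataclasses import dataclass
from ipaddress import IPv4Address

ADVERT_INTERVAL = 1.0  # seconds; RFC 3768 default, assumed unchanged on both controllers


@dataclass(frozen=True)
class Router:
    name: str
    primary_ip: IPv4Address  # the controller's own interface address in VLAN 100
    priority: int            # 1-254 for a backup-capable router, 255 = IP address owner
    up: bool = True


def elect_master(routers):
    """Router that ends up Master once the group converges (preemption assumed):
    highest priority wins, a tie goes to the higher primary IP address."""
    alive = [r for r in routers if r.up]
    if not alive:
        return None
    return max(alive, key=lambda r: (r.priority, int(r.primary_ip)))


def master_down_interval(priority, advert_interval=ADVERT_INTERVAL):
    """Seconds a Backup waits without advertisements before taking over:
    3 * Advertisement_Interval + Skew_Time, with Skew_Time = (256 - priority) / 256."""
    return 3 * advert_interval + (256 - priority) / 256


def uses_interface_ip(vip, routers):
    """True if the virtual IP is one router's own interface address. RFC 3768
    calls that router the IP address owner and requires priority 255 for it."""
    return any(r.primary_ip == vip for r in routers)


# Values taken from the post; the object names are illustrative.
VIP = IPv4Address("192.168.100.250")
master = Router("master", IPv4Address("192.168.100.251"), 110)
local = Router("local", IPv4Address("192.168.100.252"), 100)

if __name__ == "__main__":
    print("normal operation:", elect_master([master, local]).name)
    failed = Router("master", master.primary_ip, master.priority, up=False)
    print("master down:", elect_master([failed, local]).name)
    print("takeover after %.3f s" % master_down_interval(local.priority))
    print("VIP is an interface IP:", uses_interface_ip(VIP, [master, local]))
```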



  • 2.  RE: using vrrp for simple ip failover

    EMPLOYEE
    Posted Oct 25, 2016 04:23 AM

    You are doing it right.

    The last step is to go into the AP System Profile and change the LMS-IP to 192.168.100.250.  That will have the access point set up its connection to the VRRP, after it has discovered either controller.



  • 3.  RE: using vrrp for simple ip failover

    Posted Oct 25, 2016 04:59 AM

    Is that LMS change a must?  



  • 4.  RE: using vrrp for simple ip failover

    EMPLOYEE
    Posted Oct 25, 2016 05:03 AM

    If an AP discovers a controller and there is no LMS, it will only communicate with the controller that it found.  If you use an LMS, it will be redirected to the LMS-IP address, instead.



  • 5.  RE: using vrrp for simple ip failover

    Posted Oct 25, 2016 10:53 AM

    Please let me make it more clear... Currently we have LMS IP 192.168.100.251 and backup LMS 192.168.100.252. In ClearPass I currently redirect to the master controller IP (which is also 192.168.100.251). I introduce VRRP with IP 192.168.100.250. I'm not really interested in aligning the VRRP and LMS to the same IP (although I agree it's cleaner). Or in other words, the LMS is used for terminating the APs. And I use VRRP for terminating ClearPass forwarding (if I can call it that way).



  • 6.  RE: using vrrp for simple ip failover

    EMPLOYEE
    Posted Oct 25, 2016 11:06 AM

    Without bringing ClearPass into the conversation, if you point the LMS to the VRRP that is enough for AP redundancy.  The AP will be able to tell that it is terminating on a VRRP and if one controller goes away, the AP will attempt to connect to the VRRP a second time, without rebooting, knowing it is a VRRP.



  • 7.  RE: using vrrp for simple ip failover

    EMPLOYEE
    Posted Oct 25, 2016 11:16 AM

    The way you have it currently set up, if your first controller is down and the AP boots, it will find the second controller and be immediately sent to the LMS which is LMS 192.168.100.252.  The AP will be stuck there trying to find the first controller, instead of going to the VRRP.