Frequent Contributor I

using vrrp for simple ip failover

Due to the securelogin.arubanetworks.com certificate revocation, we forward our authenticated guests now to our master controller.

But this of course is a single point of failure. Therefore I'm thinking of using VRRP to create redundancy.

Setup: one master (192.168.100.251), one local (192.168.100.252)...

Am I correct that adding the following would be sufficient:

I reserved a new IP 192.168.100.250 for VRRP.

master:

    vrrp
    vlan 100
    ip address 192.168.100.250
    priority 110
    no shutdown

local:

    vrrp
    vlan 100
    ip address 192.168.100.250
    priority 100
    no shutdown

Or is it possible to use the same ip address in vlan 100 which is now used by the master controller (which is now 192.168.100.251)?

Guru Elite

Re: using vrrp for simple ip failover

You are doing it right.

The last step is to go into the AP System Profile and change the LMS-IP to 192.168.100.250. That will have the access point set up its connection to the VRRP, after it has discovered either controller.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Frequent Contributor I

Re: using vrrp for simple ip failover

Is that LMS change a must?  

Guru Elite

Re: using vrrp for simple ip failover

If an AP discovers a controller and there is no LMS, it will only communicate with the controller that it found.  If you use an LMS, it will be redirected to the LMS-IP address, instead.


Frequent Contributor I

Re: using vrrp for simple ip failover

Please let me make it more clear... Currently we have LMS IP 192.168.100.251 and backup LMS 192.168.100.252. In ClearPass I currently redirect to the master controller IP (which is also 192.168.100.251). I introduce VRRP with IP 192.168.100.250. I'm not really interested in aligning the VRRP and LMS to the same IP (although I agree it's cleaner). Or in other words, the LMS is used for terminating the APs. And I use VRRP for terminating ClearPass forwarding (if I can call it that way).

Guru Elite

Re: using vrrp for simple ip failover

Without bringing ClearPass into the conversation, if you point the LMS to the VRRP that is enough for AP redundancy. The AP will be able to tell that it is terminating on a VRRP and if one controller goes away, the AP will attempt to connect to the VRRP a second time, without rebooting, knowing it is a VRRP.


Guru Elite

Re: using vrrp for simple ip failover

The way you have it currently set up, if your first controller is down and the AP boots, it will find the second controller and be immediately sent to the LMS which is LMS 192.168.100.252. The AP will be stuck there trying to find the first controller, instead of going to the VRRP.


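Added example, not part of any post in this thread and not Aruba's code: a small model of standard VRRPv2 election and takeover timing (RFC 3768) applied to the priorities 110 and 100 from the question, showing which controller answers for 192.168.100.250 and how long a redirect to that address can go unanswered after the master fails. It assumes the RFC's default 1-second advertisement interval and that both controllers follow the RFC's timers; the `Router` class and the function names are hypothetical.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address

ADVERT_INTERVAL = 1.0  # seconds; RFC 3768 default, assumed for both controllers

@dataclass(frozen=True)
class Router:
    name: str
    ip: IPv4Address   # primary address on VLAN 100
    priority: int     # 1..254 when the router does not own the virtual IP
    up: bool = True

# Constructed from the thread: the virtual IP is the reserved 192.168.100.250.
CONTROLLERS = [
    Router("master", IPv4Address("192.168.100.251"), 110),
    Router("local", IPv4Address("192.168.100.252"), 100),
]

def elect_master(routers):
    """Router that ends up answering for the virtual IP, or None if all are down.
    Highest priority wins; a tie goes to the higher primary IP address."""
    alive = [r for r in routers if r.up]
    return max(alive, key=lambda r: (r.priority, int(r.ip)), default=None)

def master_down_interval(priority, advert=ADVERT_INTERVAL):
    """Seconds a backup waits without advertisements before it takes over:
    3 * Advertisement_Interval + Skew_Time, Skew_Time = (256 - priority) / 256."""
    if not 1 <= priority <= 254:
        raise ValueError("backup priority must be in 1..254")
    return 3 * advert + (256 - priority) / 256

def failover(routers, failed_name):
    """Take one router down; return (new master, upper bound on takeover delay in s)."""
    before = elect_master(routers)
    after = elect_master([replace(r, up=r.up and r.name != failed_name) for r in routers])
    if after is None:
        return None, float("inf")   # nobody left to answer for the virtual IP
    if before is not None and after.name == before.name:
        return after, 0.0           # a backup failed; the master never changed
    return after, master_down_interval(after.priority)

if __name__ == "__main__":
    for victim in ("master", "local"):
        new, delay = failover(CONTROLLERS, victim)
        print(f"{victim} fails -> {new.name} holds 192.168.100.250, takeover <= {delay:.3f}s")
```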