Wireless Access

Reply
Occasional Contributor II
Posts: 33
Registered: ‎03-25-2013

Adding VRRP to working setup

We currently have a working 7210 on our campus.  We want to add a second controller and get VRRP working between the two.  What pitfalls do i need to look out for?  Ideally this setup would cause as little downtime as possible.

MVP
Posts: 517
Registered: ‎05-11-2011

Re: Adding VRRP to working setup

Pitfalls.. Well - knowing the steps in detail helps, but can't really avoid some downtime.

 

First prepare your Standby controller with all necessary config (basically just IP/network) and correct AOS.

Activate Centralized Licensing on the Master..

 

If you re-use the current master IP as VIP

* Change Master IP to new IP1, reboot

* Add VRRP on Master, verify that the VIP is up and running again in VRRP Master state

 -> At this time the AP's will start connecting to Master again.

* Add VRRP on Standby, verify that it has VRRP Backup state

* Add Master Redundancy settings on Master

* Add Master Redundancy settings on Standby

* Verify that database is in sync, or force a database sync. Verify that all settings/config are on the Standby

 

Or - use a new IP as VRRP and prepare everything as mentioned above. When you're ready to do the switch change your DNS entry for aruba-master (or dhcp options) towards the new VIP. At this time all the AP's will reboot, and connect to the new VIP. Some delay in updating DNS might occur..

 

And if you're using RAP's just make sure you update DNS and/or NAT ip's ..

 

 


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Occasional Contributor II
Posts: 33
Registered: ‎03-25-2013

Re: Adding VRRP to working setup

Will I need to setup user roles and auth parameters on the second controller or will it happen automagically?

Occasional Contributor II
Posts: 33
Registered: ‎03-25-2013

Re: Adding VRRP to working setup

Also I will be using a new IP for the VIP.  So i would just have to change the aruba-master IP when the time comes right?

Guru Elite
Posts: 20,993
Registered: ‎03-29-2007

Re: Adding VRRP to working setup

jsolb has it right.

 

If you (1) Setup the VRRP so that the active master has greater priority (2) Setup master redundancy on top of that ...  Master redundancy will synch the configurations.

 

When you confirm that is done, you can change the aruba-master DNS entry to that of the VRRP, once you know the controllers answer to that new VRRP address.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 33
Registered: ‎03-25-2013

Re: Adding VRRP to working setup

so the only downtime will be when the AP rediscover the new dns entry right?

 

Also when it does the database sync will it migrate all the Profile settings?

Guru Elite
Posts: 20,993
Registered: ‎03-29-2007

Re: Adding VRRP to working setup


JoshMaryville wrote:

so the only downtime will be when the AP rediscover the new dns entry right?

 

Also when it does the database sync will it migrate all the Profile settings?


The configuration is where all the the profiles are located.  That will be synched when you complete the master/backup master configuration.   After that, every time you type "write mem" or save configuration on the master it will be synchronized to the backup master.

 

You have to type "database synchronize" on the master to synchronize other things in the database (guest users, internal database users, AP database).  You can also type "config t database synchronize period x" on the master to have the database synchronize periodically.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: Adding VRRP to working setup

In a redundant master setup, would you still have to export the local user database, I'm specifically concerned with the RAP whitelist, and import into the backup master then use the "aaa authentication-server internal use-local-switch" for local authentications?

Guru Elite
Posts: 20,993
Registered: ‎03-29-2007

Re: Adding VRRP to working setup

Matt Finnie,

Database synchronize will take care of the rap whitelist and the local user database.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 517
Registered: ‎05-11-2011

Re: Adding VRRP to working setup

In addition to ip/port settings note that custom captive portal uploads and SSL certificates isn't replicated.

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
Showing results for 
Search instead for 
Did you mean: