Wireless Access

Reply
Frequent Contributor I

Client State Synchronization on a HA Fast Failover fails

Hello 

I'm building a HA scenario using HA and VRRP but I'm not able to see the user-table on the standby controller. I also testing to reboot the master controller and I'm losing the connectivity from the clients, I odn't even see the SSID during the reboot. I run 6.5.0.3. Can I get some direction from the community to look into to narrow down the issue?

Here you have some outputs from the Active and Standby:

Active
(EU-WLAN03) # show ha group-profile HA-MM
HA group information "HA-MM"
----------------------------
Parameter Value
--------- -----
Preemption Enabled
Over-subscription Disabled
State Synchronization Enabled
Pre-shared Key ********
Inter Controller heartbeat Enabled
Heartbeat Threshold 5
Heartbeat Interval 100
HA group-member IP address 172.20.9.214 dual
HA group-member IP address 172.20.9.215 dual
HA group-member IPv6 address N/A

(EU-WLAN03) #show vrrp


Virtual Router 20:
Description MASTER-VRRP
Admin State UP, VR State MASTER
IP Address 172.20.9.213, MAC Address 00:00:5e:00:01:14, vlan 298
Priority 255, Advertisement 1 sec, Preemption Disable Delay 0
Auth type PASSWORD, Auth data: ********
tracking is not enabled


Standby
(EU-WLAN04) #show ha ap table

HA AP Table
-----------
AP IP-Address MAC-Address AP-flags HA-flags
-- ---------- ----------- -------- --------
18:64:XX:XX:XX:XX 172.20.216.51 18:64:XX:XX:XX:XX SLU H

 

 

Guru Elite

Re: Client State Synchronization on a HA Fast Failover fails

Client State synchronization refers to the PMK cache entries that are synchronized from the active to the standby controller for 802.1x clients.  When 802.1x clients fail over, they will just do a 4-way handshake instead of a full radius reauthentication, which saves quite a bit of time and considerably reduces the hit that a radius server would take during a failover.  The user table is NOT synchronized to the standby controller.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I

Re: Client State Synchronization on a HA Fast Failover fails

Thanks for the clarification. So then, that is not the reason of my problem during the failover which is not working.

During the reboot of the Activate controller the AP is not connected on the Standby controller

(EU-WLAN04) #show ha ap table

HA AP Table
-----------
AP  IP-Address  MAC-Address  AP-flags  HA-flags
--  ----------  -----------  --------  --------

Total Num APs::0
Active APs::0
Standby APs::0
AP Flags: R=RAP; S=Standby; s=Bridge Split VAP L=Licensed; M=Mesh, U=Up
HA Flags: S=Standby, C=Standby connected, L=LMS, F=Sent Failover Request to AP, H=AP flaged for Inter Controller Heartbeat

 

As soon as the primary is up, I can see the AP on both controllers. By the way, on the ap system-profile I don't have any LMS and BKUP ip address, if I add this setup, the AP is shown on the controllers as "dirty"

Thanks

Frequent Contributor I

Re: Client State Synchronization on a HA Fast Failover fails

I make some progress wiping my test AP and configuring option 43 pointing to the VRRP IP via DHCP and adding the lms ans bckp-lms IP on the AP system profile but the scenario is still unpredictable and it doesn't work after rebooting the master controller. The standby tunnel from the AP on the second control becomes active and takes over the traffic but after the primary master controller is available again and the AP tunnel returns to this controller , the standby AP tunnel disappear. I see some bugs even on the early code 6.5.1.
Frequent Contributor I

Re: Client State Synchronization on a HA Fast Failover fails

I've been running 6.5.1 on HA in a production enviroment and so far has been stable wihout anyproblems. Standby controller has kept the AP tunnels all the time. Looking at the 6.5.1 Release Notes , I can see the two bugs 129692 138741 describing the issue Ive been facing.

I always use GA versions but in my enviroment I have several 7210 controllers so I might need to jump to ED instead.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: