Wireless Access

Reply
Regular Contributor I
Posts: 197
Registered: ‎01-19-2014

Confirmation needed on VRRP Configuration !!!

[ Edited ]

Dear experts,

 

I will be grateful if anybody please confirm my VRRP configuration so that I can proceed on my setup. In my Setup two controllers 7210 are available and I want redundancy through VRRP.

 

Do I need both commands for database synchronization or just a single one ?

Two methods for database synchronization Manual and Automatic. Please suggest which one is better.

 

database synchronize    --------------------------------> Manual

database synchronize period 20   ------------------> Automatic

 

Master VLAN-5 interface-ip        172.17.48.163 /24               

Backup VLAN5- interface-ip        172.17.48.164 /24

 

Preferred-Master Configuration

 

vrrp 5

vlan 5

ip address 172.17.48.165

priority 110

preempt

authentication admin@123

description Preferred-Master

tracking interface gigabitethernet 1/1   20                                             

no shut down

 

master-redundancy

master-vrrp 5

peer-ip-address 172.17.48.164 ipsec admin@123  

 

database synchronize

 

Backup-Master Configuration

 

vrrp 5

vlan 5

ip address 172.17.48.165

priority 100

preempt

authentication admin@123

description Backup-Master

tracking interface gigabitethernet 1/1   20                                            

no shutdown

 

master-redundancy

master-vrrp 5

peer-ip-address 172.17.48.163 ipsec admin@123

 

database synchronize

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Confirmation needed on VRRP Configuration !!!

Why are you using preemption?
Why are you tracking an interface?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 197
Registered: ‎01-19-2014

Re: Confirmation needed on VRRP Configuration !!!

[ Edited ]

I am using interface tracking because if by mistake someone would uplugged the uplink interface of Preferred-Master controller so interface tracking feature would decrement the priority by using the sub-value 20. So Preferred master priority would became 90 and  Backup-Master controller will take the ownership of VRRP due to having a priority of 100

 

Using preemption  becuase when the uplink interface again plugged into the Preferred-Master the priority gets incremented again and based on preemption it will take back an ownership of VRRP-5 from Backup-Master.

 

Please suggest should i use preemption on both controllers or just on preferred master or enabling preemption is recommended or not ?

 

Also suggest which  database synchronization method is suitable Manual or Automatic as mentioned in my first post. 

 

Looking forward for your valuable response.

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Confirmation needed on VRRP Configuration !!!

The management interface is not on the uplink?
If it is not, it is fine to enable that option.

It is fair to enable preemption, but it leaves the door open to have a possibly failed component take control over another. For example, if the master controller reboots because of a hardware issue, when it comes back up it will take over, but it could have the same issue. Unless you are tracking your logs all of the time you might not notice you had an issue until much later. I would typically leave preemption off to avoid that scenario because it would make things harder to troubleshoot.

Database synchronize should be automatic at the default of 30 minutes.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 197
Registered: ‎01-19-2014

Re: Confirmation needed on VRRP Configuration !!!

[ Edited ]

We are not using vlan-1 as a managment vlan. No ip has been assigned to vlan-1

 

In our network we have defined VLAN-5 as a managment and defined as a native vlan-5 on all trunk interfaces. And we are using VRRP group 5 for our management vlan-5 .

 Sorry to forgot to inform you that both controllers are in layer-2 domain and forwarding the traffic towards uplink to core switch.

 

In last I just want to know Should I enable the preemption on both controllers or on just Preferred-Master ?

 

 

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Confirmation needed on VRRP Configuration !!!

If VLAN 5 is on your uplink, then you do have your management vlan on your uplink and then you do not need to preempt based on the status of an interface. If that link goes down, the interface of the opposite controller will no longer see advertisements and take over. VRRP is only available layer 2. You are doing the right thing. You should only need a VRRP between the controller's management address and terminate the access point traffic. You should not need a VRRP for user subnets; you should instead have both controllers allow an upstream layer 3 switch be the default gateway for user subnets so that upon failover, clients would be attempting to reach the same gateway on the same device. Again, I am not a big fan of preemption, because it has the potential to introduce a failed part back into the network automatically, which would make things very difficult to troubleshoot. If a link keeps flapping for whatever reason, the opposite controller should take over so that it can service clients consistently. You will then have the opportunity to troubleshoot the controller with the issues, without it trying to take over an disrupting user traffic.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 197
Registered: ‎01-19-2014

Re: Confirmation needed on VRRP Configuration !!!

Dear cjoseph,

 

I am very grateful to you for showing your interest on this subject. From my first post you only picked two points tracking interface & preemption which means that rest of the configuration looks fine to you.

 

Once again thankyou for supporting and sharing the valuable knowledge.

 

 

 

 

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Confirmation needed on VRRP Configuration !!!

Correct. On the face of it the rest of it looks fine, with the caveats that I mentioned.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 3
Registered: ‎10-09-2014

Re: Confirmation needed on VRRP Configuration !!!

I agree with cjoseph about whether to use preemption or not. But from my understanding if want preemption you are going to use the preempt statement only on the controller you want to be preferred.
Regular Contributor I
Posts: 197
Registered: ‎01-19-2014

Re: Confirmation needed on VRRP Configuration !!!

[ Edited ]

Dear cjoseph

 

I need one more clarification. In my setup three access layer poe manageable switches and two controllers 7210 are connected to core switch via trunk links. Native Vlan-5 is define on each end of every trunk interfaces. Our whole management network is based on VLAN-5. No ip address assigned to VLAN-1 interface on any end. I have 75 access points of model 215.  

 

My question is when I do connect my access points on access layer switches, Should I change the Access Port vlan-id from vlan-1 to vlan-5 ?

 

I will be gratefull for your kind response on this query.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: