Wireless Access

Hi 1st post, I'm in the process of planning deployment of a  2nd 3600 controller. We are adding for increased capacity and redundancy. Currently our AP's are deployed over multiple logical segments, 10.x.x.x. & 172.x.x.x.. I'm not sure how best to proceed. Would creating multiple VRRP interfaces relative to the respective logical segments work? Or would it be better to consolidate the AP's on a single segment and have just that VRRP configuration? Thanks in advance.

#3600

I have a pair of controllers and I am moving towards a master/local configuration. What I do know is check out the VRDs for your implementation. I am going my way so I could get APs to register with both controllers at the same time for load sharing. Add for the APs in my setup the are all on other subnets and I have done the DNS entry for aruba-master so they know where to register (which is a vrrp address). If you go master/active master/standby no APs can register with the standby... Not sure if that helps?

I completly agree with Nik. 

 

If you have 2 controllers, its good to do a Master/Local and load balance the APs. and use the LMS and Bkp-Lms or VRRP  or both  to switch between the controllers in case of redundancy. please check the the following VRD. 

 

http://www.arubanetworks.com/pdf/technology/VRD_Aruba%20Mobility%20Controllers_8.pdf

I understand the load balancing with the Master/local and plan to take advantage of that. I've been reading the recommended VRD and it seems to indicate in an 802.1X authentication environment, which we are mostly, that having a single AP VLAN is recommended. Which would seem to answer my initial question. Does anyone have any other thoughts or input relative to configuring VRRP's on multiple segments with 802.1X authentication?

---

@bjackson wrote:

I understand the load balancing with the Master/local and plan to take advantage of that. I've been reading the recommended VRD and it seems to indicate in an 802.1X authentication environment, which we are mostly, that having a single AP VLAN is recommended. Which would seem to answer my initial question. Does anyone have any other thoughts or input relative to configuring VRRP's on multiple segments with 802.1X authentication?

---

You do not need multiple VRRPs on multiple segments.  No matter what subnet an AP is in, it still contact the controller or controllers on the same ip address.  The controller does not need an ip address on every subnet where APs reside; the access points only need to be able to route to the management ip address of the controller.  Sometimes it is not practical to have an instance of the same VLAN at every location where you need an AP, so being able to put an AP on ANY vlan, as long as it can route to the controller keeps you from having to redesign your network to accomodate access points.

 

 

I hope this makes sense.

Thanks, that did make sense and reduced my confusion. ;-).

What about the VRD recommending a single VLAN when using 802.1X authentication? We've been doing that over two VLAN's with acceptable performance to date.

---

@bjackson wrote:

Thanks, that did make sense and reduced my confusion. ;-).

What about the VRD recommending a single VLAN when using 802.1X authentication? We've been doing that over two VLAN's with acceptable performance to date.

---

I would say it is there just to make is easier, but it will certainly work very well with the way you have it.

Look into using vlan pools which tie into the vap configuration, and maybe if you can get these vlans routed by the core lan switch this may be a bit easier? Just a suggestion that might work for you?