Wireless Access

Background:  We're in the process of collapsing our MS AD Forest into a single domain.  Currently each country maintains their own child domain and DNS.  Globally we have multiple 'aruba-master.XX.mydomain.net' entries pointing to their appropriate regional Aruba Master.

Today:  We now have a 'catch controller' that will respond to 'aruba-master.mydomain.net'.  However I'm not looking to manually reprovision future deployments with multiple APs in order to redirect them to their correct regional master.  Globally setting DHCP options is not really a valid strategy for us as this would be a huge administrative overhead.

Question (perhaps feature request?):  How could we (perhaps something like the AP Provisioning Profiles) create multiple profiles and assign the correct one based on the IP address or subnet of the requesting/connecting AP?  These profiles would specify each of the regional Masters.  Then the local IT responsible could provision into the correct AP Group.

---

@adamd33 wrote:

Background:  We're in the process of collapsing our MS AD Forest into a single domain.  Currently each country maintains their own child domain and DNS.  Globally we have multiple 'aruba-master.XX.mydomain.net' entries pointing to their appropriate regional Aruba Master.

 

Today:  We now have a 'catch controller' that will respond to 'aruba-master.mydomain.net'.  However I'm not looking to manually reprovision future deployments with multiple APs in order to redirect them to their correct regional master.  Globally setting DHCP options is not really a valid strategy for us as this would be a huge administrative overhead.

 

Question (perhaps feature request?):  How could we (perhaps something like the AP Provisioning Profiles) create multiple profiles and assign the correct one based on the IP address or subnet of the requesting/connecting AP?  These profiles would specify each of the regional Masters.  Then the local IT responsible could provision into the correct AP Group.

---

The short answer is that this feature does not exist.

A simple suggestion is to place or bring up your access points in a VLAN that is shared by a controller locally, because discovery via ADP or broadcasts always supersedes DNS resolution in terms of discovery.

What about using a global server load balancer (Brocade or F5) with affinity as its selection mechanism.  Basically, DNS requests are presented to the load balancer.  The load balancer, based on the source IP address will send the appropriate "master" controller IP address back to the AP.

Thank you both for the replies!

The load balancer is a very interesting solution.  I'll check with my team and setup some test scenarios.  Will post results.

For our large national/mulit-national customers, we recommend controller discovery via DHCP Option 60/43 response.

This allows per-site, per-subnet granular control of the candidate controller's, the Option 43 response is an array, so we recommend populating it with the controller's closest (lowest latency first).

This discovery allows the AP to boot, so when performing upgrades in multi-hierarchies, remember to consider this when planning the array values and your normal upgrade strategy.

One of our customer's with 600+ controllers populates the arrays as follows:

1.  If local controller at site with subnet, that controller is first in list, followed by lowest latency regional or central controllers....

2.  If no local controller, regional controller with lowest latency first, second lowest latency second, etc., then back to main Data Center controllers