Wireless Access

Hi 

I have 2 controllers 7005 wiht master redundancy configured. Everything seems fine apart the fact that the "local" controller doesn't see the APs

Below the config

MASTER

(SMPWAP1) #show ap database

AP Database
-----------
Name    Group         AP Type  IP Address     Status  Flags  Switch IP     Standby IP
----    -----         -------  ----------     ------  -----  ---------     ----------
SMPAP1  Yoti_default  215      10.222.123.6   Down    2      10.222.123.2  10.222.123.3
SMPAP2  Yoti_default  103      10.222.123.14  Down    2      10.222.123.2  10.222.123.3
SMPAP3  Yoti_default  215      10.222.123.13  Down    2      10.222.123.2  10.222.123.3
SMPAP4  Yoti_default  215      10.222.123.12  Down    2      10.222.123.2  10.222.123.3
SMPAP5  Yoti_default  215      10.222.123.9   Down    2      10.222.123.2  10.222.123.3
SMPAP6  Yoti_default  215      10.222.123.11  Down    2      10.222.123.2  10.222.123.3
SMPAP8  Yoti_default  215      10.222.123.10  Down    2      10.222.123.2  10.222.123.3

LOCAL

(SMPWC2) #show ap database

AP Database
-----------
Name  Group  AP Type  IP Address  Status  Flags  Switch IP  Standby IP
----  -----  -------  ----------  ------  -----  ---------  ----------

Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed
       I = Inactive; D = Dirty or no config; E = Regulatory Domain Mismatch
       X = Maintenance Mode; P = PPPoE AP; B = Built-in AP; s = LACP striping
       R = Remote AP; R- = Remote AP requires Auth; C = Cellular RAP;
       c = CERT-based RAP; 1 = 802.1x authenticated AP; 2 = Using IKE version 2
       u = Custom-Cert RAP; S = Standby-mode AP; J = USB cert at AP
       i = Indoor; o = Outdoor
       M = Mesh node; Y = Mesh Recovery

MASTER

(SMPWAP1) #show configuration | begin redundanc
master-redundancy
  master-vrrp 1
  peer-ip-address 10.222.123.3 ipsec 8a71f6105b11d7144f7eed4d0ec36e78fcfd206233bb1544
!
vrrp 1
  priority 110
  ip address 10.222.123.254
  description "Management"
  vlan 1230
  preempt delay 10
  no shutdown
!
(SMPWAP1) #show configuration | begin "interface vlan 123"
interface vlan 1230
	ip address 10.222.123.2 255.255.255.0
!

LOCAL

(SMPWC2) #show configuration | begin "interface vlan 123"
interface vlan 1230
	ip address 10.222.123.3 255.255.255.0
!
vrrp 1
  ip address 10.222.123.254
  description "Management"
  vlan 1230
  preempt delay 10
  no shutdown
!
(SMPWC2) #show configuration | begin redund               
master-redundancy
  master-vrrp 1
  peer-ip-address 10.222.123.2 ipsec 071ce8b1901837f574eba3c86a87b9e0771733ec92697bc9
!

Two things are involved:

Master Redundancy is the ability for one controller to take over for another controller entirely when the first controller fails.  When this is configured, the second controller in this scenario cannot terminate any access points; it only becomes active when the first controller is no longer available and gives up control of the VRRP between them.  You should be able to type "show switches" on the master controller to see if master redundancy is setup correctly.  The output of "show switches" on the master should show the master and the backup master as "master and standby".  

The second thing is configuring access points to work on this master/backup master configuration.  All this would take is to point the access points at the VRRP between the master and backup master in the LMS-IP field in the AP System Profile in the AP Group on the APs.

You must first type "show switches" on the master controller to see if master redundancy (master/backup master) is configured correctly.  Please let us know what the output of that command is..

Hi,
Thanks for your reply

This is the output of the MASTER

(SMPWAP1) #show switches 

All Switches
------------
IP Address    Name     Location          Type     Model      Version        Status  Configuration State  Config Sync Time (sec)  Config ID
----------    ----     --------          ----     -----      -------        ------  -------------------  ----------------------  ---------
10.222.123.2  SMPWAP1  Building1.floor1  master   Aruba7005  6.4.4.5_54063  up      UPDATE SUCCESSFUL    0                       5
10.222.124.3  SMPWC2   Building1.floor1  standby  Aruba7005  6.4.4.5_54063  up      UPDATE SUCCESSFUL    10                      5

Total Switches:2

This is the output of the backup

(SMPWC2) #show switches 

All Switches
------------
IP Address    Name    Location          Type     Model      Version        Status  Configuration State  Config Sync Time (sec)  Config ID
----------    ----    --------          ----     -----      -------        ------  -------------------  ----------------------  ---------
10.222.124.3  SMPWC2  Building1.floor1  standby  Aruba7005  6.4.4.5_54063  up      UPDATE SUCCESSFUL    0                       5

So, In backup/master scenario as mine, what happens if the master goes down? The backup takes over and will recognize the AP?

Also, I have more than 1 VRRP instance. The masster redundancy si configurable just for one. Is it enough to failover all VRRP sessions?

master-redundancy
  master-vrrp 1
  peer-ip-address 10.222.123.3 ipsec eba32ef2fa02f8a8dd026781d41cbf09830003ebc5edb304
!
vrrp 1
  priority 110
  ip address 10.222.123.254
  description "Management"
  vlan 1230
  preempt delay 10
  no shutdown
!
vrrp 2
  priority 110
  ip address 10.222.105.2
  description "Radius-Subnet"
  vlan 1050
  preempt delay 10
  no shutdown
!
vrrp 3
  priority 110
  ip address 10.222.192.1
  description "Yoti Staff"
  vlan 1920
  preempt delay 10
  no shutdown
!

The second controller will take over.

You only need a single VRRP between the controllers on the management VLAN.  The APs are pointed to the VRRP ip address and just end up on whatever controller has control over the VRRP.  APs are pointed using DNS/DHCP options for when they first boot up and then using the LMS-IP address in the AP System Profile of the AP Group that the APs are in.  The LMS-IP must point to the VRRP.