Wireless Access

Reply
Frequent Contributor II
Posts: 184
Registered: ‎04-17-2013

Reauthentication delay in controller HA setup

Hi,

 

We have 2 Aruba 7210 controller with AOS 6.5.0.3, AP model = 325 connected with single ethernet cable.

802.1x SSID for windows client machine.

 

Configured VRRP with AP fast failover.

 

The issue is -

While Master controller goes down and Standby controller takes control of AP, wireless client trying to reauthenticate and that will take 8-10 seconds.

Due to this long(8-10) reauthentication delay client disconnect from running application.

 

Could you please help me to fix this issue.

 

Thanks in advance

Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

Re: Reauthentication delay in controller HA setup

Is this a master/local setup or a master/backup master setup?

Do clients end up on the same layer 2 subnet on both the primary and backup controller?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 184
Registered: ‎04-17-2013

Re: Reauthentication delay in controller HA setup

This is Master/Standby setup.

Yes. clients end up on the same layer 2 subnet on both the primary and backup controller

 

Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

Re: Reauthentication delay in controller HA setup

There are special instructions for using fast failover with a master/backup master.  Those instructions are here:  http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/VRRP/HighAvMigration.htm

Did you configure using those instructions?

 

In the end, it is probably easier to just remove the fast failover configuration between the master/backup master and just point the LMS-IP to the VRRP.  Why?  Because in a standard master/local redundancy scenario, both controllers can terminate access points at the same time, so failover can be very quick.  In a master/backup master scenario however, the backup master(standby controller) can only service access points when it has control over the VRRP.  I would first try removing the HA/Fast Failover configuration and just point the LMS-IP address in the ap-group to the VRRP between the master and backup master(standby) controllers and see if you still have the problem.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 83
Registered: ‎05-11-2011

Re: Reauthentication delay in controller HA setup

I've been facing the same issue. Basically with that release the AP were not adding the second IPsec tunnel with the standby controller so fast failover didn't work. With the only firmware which seems to work in my case is with 6.5.1.2 which is EA.  There are two bugs fixed on this release which prevent the second tunnel with the standby controller using 7210. I've been using all the time GA versions in my environment and I don't feel really comfortable deploying EA so no idea when those bugs will be included on GA.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: