Wireless Access

Reply
Regular Contributor I

Redundant tunnel controllers?

We are currently usng a 3200 controllers where all our Guest tunnels terminate to from each location.  We want to setup a redundant controller as well.  Is there a specific way of setting this up since each remote location is pointing to the IP address of that single controller for the tunnel termination?

 

Regular Contributor I

Re: Redundant tunnel controllers?

All these tunnels are over a L3 link.  Can the tunnels terminate on a VRRP address of the paired controllers?

Re: Redundant tunnel controllers?

 

You can user the LMS backup ip option under the AP System profile

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP

Re: Redundant tunnel controllers?

I think hes asking about GRE tunnels for guest wireless users -- tunnelling from remote controllers back to a central one for captive-portal and drop off on the Internet (or whatever)

 

Even if he's not, I will -- I'd like to have Guests able to get to the internet over the "primary" controller with an egress, and have a "secondary" controller as well.

 

With two controllers at my HQ, would I put them both on my internet facing VLAN and just tunnel each remote controller to both of them?

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Guru Elite

Re: Redundant tunnel controllers?

You can terminate a tunnel on a VRRP, yes.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I

Re: Redundant tunnel controllers?

We have a controller dedicated for RAPs and tunnel termination from each of the local controllers in the enterprise.

 

This controller is located in the DMZ of the data center.  We want to have this controller be redundant with another same controller.  

 

We want to be able to only modify one controller and the changes to replicate to the redundant one.  

 

Seeing how tunnels can terminate on a VRRP, we can solve the tunnel redundancy that way. We should be able to use the same for the RAP redundancy correct?  We would just nat the outside IP to the inside VRRP address right?

Guru Elite

Re: Redundant tunnel controllers?

You cannot terminate a Rap on a vrrp if it is behind a stateful firewall, no.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I

Re: Redundant tunnel controllers?

The RAPs are connection from the outside using a public IP.  Could we not just nat that address to the VRRP on the inside?

 

If not, what't he best solution to provide redundant RAP controllers for outside RAP connections and redundant tunnel connections for inside tunnels?

Guru Elite

Re: Redundant tunnel controllers?

Stateful firewalls do not like vrrp behind them.

I would give each controller a matted public IP address then use DNS to distribute the two addresses to the rap.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I

Re: Redundant tunnel controllers?

Using the DNS option, the RAPs would have both DNS names and try the second one if the first of the list fails?

 

We also have an F5 device in the DMZ, would it be best to place the controllers behind the F5 and having it do the load balancing?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: