Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Replacing a master controller with a new model in a master-local topology

This thread has been viewed 2 times

  • 1.  Replacing a master controller with a new model in a master-local topology

    Posted Jan 16, 2018 08:47 AM

    Hello,

    I'm trying to replace a M3 master controller with a 7210 new with the same master role and ip configuration.

    Our network is made of one M3 master controller and 3 7210 local controllers, with centraliced license and cpsec enabled.

    The documentation says that when the new master controller is bring up (7210 controller), it generate a new certificate which is sent to local controllers and then to AP to secure access (cpsec behaviour).

    The question is, assuming that I can migrate all AP to only one local controller and leave the other two with no AP, the new certificate is sent automatically from master to all local or I need to reboot the local controllers in order to get the new certificate?

    What I'm trying to do is to restart each controller one by one and when it gets the new master certificate then migrate groups of virtual AP in order to avoid an entire AP rebooting in all network.

     

    Thank you



  • 2.  RE: Replacing a master controller with a new model in a master-local topology

    EMPLOYEE
    Posted Jan 16, 2018 10:54 AM

    All of the APs will need to recertify and reboot.  You should plan this during a maintenance window.



  • 3.  RE: Replacing a master controller with a new model in a master-local topology

    Posted Jan 17, 2018 02:57 AM

    Yes, I know all AP should reboot, that's not the question.

    The question is if local controllers reboots immediatlely after the master is replaced, I mean does the local controllers detect the master replacement and automatically reboot or the reboot must be done manually?

    If the reboot is manually, does the associate AP lose service until the local controller is reloaded or not?

     

    I'm thinking in replace the master controller on the morning and reboot local controller the same day on the night when the AP doesn't have clients.

     

    Thank you



  • 4.  RE: Replacing a master controller with a new model in a master-local topology

    EMPLOYEE
    Posted Jan 17, 2018 06:39 AM

     

    You can try this:

     

    - Backup the flash on all controllers and copy them off the controllers.

    - Add a VRRP to the existing master's management VLAN and make the master a priority of 200 on that VRRP.

    - Change the masterip on your local controllers to point to the ip address of that VRRP (will require reboots of those controllers).

    - Validate that they show up on the existing master, as well as all of the APs.

    - Add the new master as a backup master

       a- prepare it to make sure it has the same version of ArubaOS as that master

      b- create a VRRP with the same number with a lower priority on that same management vlan. 

      c- make sure it becomes a backup to the master on that VRRP.

      d- configure master redundancy and reference that VRRP.

      e- Type "show switches" on the current master to make sure that it sees the new controller as a backup master

    - If you remove the original master, the backup master should take over and have a copy of the centralized licensing database, as well as the cpsec whitelist.

     

    You will have to test all of the steps above, because you might have things configured in a way that will not allow the general steps above to work.  If you feel uncomfortable about the steps above, please contact TAC for them to walk you through it.