Wireless Access

Hi guys,

 

I have a VRRP pair (Master/Backup) that I would like to use with RAPs.

I configured the VRRP instance and I can correctly ping the virtual IP and I can see that both the controllers had correctly sync their databases (including the Whitelist).

The issue I have is that the RAPs do not join the backup controller when the primary goes down.

Also, when the RAPs join the primary controller, I can see (in Monitor> AP UP) that they have learned the IP of the controller interface instead of the VIP (switch IP = primary controller IP and not VIP).

Everything is connected to a layer 2 network and centralized licensing is enabled.

 

Did one of you already encountered same issue?

 

Thanks

Is the VRRP behind or in front of a firewall?

Thank you Colin for your feedback

 

 

- Well there is no Firewall currently, everything is connected to the same L2 switch.

   Also, the LMS IP and Backup LMS IP are set to the VIP in the AP profile applied to the VAP.

 

- Furthermore, I intend to have a Firewall between the RAPs and the Controllers, set the LMS IP to the        public IP of the firewall then redirect UDP 4500 to the VRRP VIP.  I have read that this is not working and that we need to use DNS and FQDN to make it happen. however, I dont really get why would this not be working as it is a matter of layer 3 connectivity.

 

Thanks

If you want the rap to failover to the standby controller you need to have a second public IP address for that controller and add both controller IPs to your lms config. Using the VRRP address with RAPs will fail when it fails over to the standby. The rap needs to create tunnels to both controllers. This is a good practice.

Here's another thread that might help as well.
http://community.arubanetworks.com/t5/Wireless-Access/RAP-Redundancy-won-t-work-with-VRRP/td-p/255176

thank you Patrick,

 

So in other words, there is no VRRP with RAP, we should provision the RAP with two controllers' addresses

 

Thank you for your answer.