Wireless Access

Reply
Frequent Contributor I

choosing right HA design

Hello.

I'm going to set up wireless network with 2 controllers (3400) and 30 APs and I'm wondering which HA design I should choose.

There will be 3 SSIDs (2 for employees with RADIUS authentication and 1 for guests). Controllers and access points are is the same subnet. The most important is to have nearly no downtime when one controller fails. I also have one license for 32xAP, 32xRF Protect and 32xPEFNG so controllers must share licenses.

Which solution is better to meet these requirements?

Which solution gives lower downtime?

Is it possible to enable both Fast Failover and VRRP?

Can Centralized Licenses be enabled with these solutions?

 

Thanks in advance.

Re: choosing right HA design

Are you planning to serve APs on both controllers ? Or just active / standby setup ?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I

Re: choosing right HA design

Active/active is not necessary. Active/standby will be sufficient.

Re: choosing right HA design

Fast failover is what you want if you wanted the fastest transition.  VRRP is effectively the "old school" failover mechanism starting with 6.3 and up.  VRRP is not used when fast failover is configured.

 

Yes, centralized licensing can be enabled starting with 6.3. 

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Frequent Contributor I

Re: choosing right HA design

I have set up Fast Failover where one controller is active and one is standby. I also have provisioning where all APs are assigned with static IP and master discovery policy is set to Master Controller IP Address with IP address of active controller. Is that configuration good enough to work with Fast Failover?

 

LMS IP of AP system profile should have IP od active controller? Should I also set backup LMS IP to standby controller?

Does Fast Failover work with AP bridge mode?

Is there any command that can verify if APs are connected to both controllers because network summary on active controller displays all 30 APs but standby only 20?

 

Thanks

Re: choosing right HA design


mate78 wrote:

I have set up Fast Failover where one controller is active and one is standby. I also have provisioning where all APs are assigned with static IP and master discovery policy is set to Master Controller IP Address with IP address of active controller. Is that configuration good enough to work with Fast Failover?


The static IP assignment is fine, but DHCP would be preferred.  What do you mean you're "discovery policy is set to master controller IP address with IP address of active controller"?  Do you have a master and two locals (1 active, the other standby)?  Or are you using your master to terminate APs and function as the active controller?

 

 


mate78 wrote:

 

LMS IP of AP system profile should have IP od active controller? Should I also set backup LMS IP to standby controller?

Does Fast Failover work with AP bridge mode?

Is there any command that can verify if APs are connected to both controllers because network summary on active controller displays all 30 APs but standby only 20?


LMS IP should be that of the active controller.

Do not set a backup LMS IP.  In the HA profile you will configure your active/standby controllers.

Fast failover is not compatible with bridge mode.  Only tunnel mode is supported.

 

Here is a link to the the 6.3 user guide that explains step-by-step how to configure fast failover.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.

Re: choosing right HA design


LMS IP of AP system profile should have IP od active controller? Should I also set backup LMS IP to standby controller?
You should only need to configure the active (ap system profile) and then in the HA config you list the IP address of the controllers with the roles you are planning to use ( active/ standby , dual )
Does Fast Failover work with AP bridge mode?
It only works for APs in tunnel and decrypt mode
Is there any command that can verify if APs are connected to both controllers because network summary on active controller displays all 30 APs but standby only 20?
You should a flag of S ( standby mode) if you run the show ap database
And you can also run the show ap standby

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: choosing right HA design

have seen you mention how you configured your controllers: master / local, master / master, ...?

 

also fixed IPs for AP and fixed master IP configuration are not the most flexible way to go, why not use DHCP for the IPs and let ADP do its work to find a master. saves a lot of trouble if you ever change something in the future.

Frequent Contributor I

Re: choosing right HA design

Thanks for information.

The only thing I'm concerned is I cannot see all APs on standby controller. All APs have the same configuration and belong to the same group. Do you have any idea why several APs cannot connect to standby controller? How can I troubleshoot it?

 

Also is there any way to synchronize configuration between controllers? I mean when I change something on active controller (add guest user, create another SSID), can it push configuration to the standby?

 

Thanks

Frequent Contributor I

Re: choosing right HA design

I agree DHCP would be better solution but customer insisted on static IPs.

 

I guess I found the reason why several APs cannot connect to standby controller. Event logs display the following information.

 

2014-05-18	20:00:59	User Authentication failed for user 192.168.5.130 with MAC address 00:00:00:00:00:00
2014-05-18	20:00:59	User Authentication failed for user 192.168.5.130 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:00	User Authentication failed for user 192.168.5.131 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:00	User Authentication failed for user 192.168.5.131 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:00	User Authentication failed for user 192.168.5.133 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:00	User Authentication failed for user 192.168.5.133 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:01	User Authentication failed for user 192.168.5.132 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:01	User Authentication failed for user 192.168.5.132 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:04	User Authentication failed for user 192.168.5.134 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:04	User Authentication failed for user 192.168.5.134 with MAC address 00:00:00:00:00:00

 

These are IPs of APs which cannot connect. Any idea why is that?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: