Wireless Access

hi, 

we tried to cluster the controllers but afterwards all remote ap's went down.

 

I cannot see how clustering for RAP's should work because they connect through NAT to the controller vrrp ip and cannot reach the individual controllers.

Why is this not working? and can't i disable clustering for RAP's?

 

Hi,

are you working with version 8.x software or version 6.x ?

If you using AOS8 clustering NAT is not supported with this design , you will need to assign direct public address to each controller



Thank you

Victor Fabian

Pardon typos sent from Mobile

yes, 8.1.2 with mobility master.

And no, we are not going to put a public ip on the controller.

 

I wasn’t suggesting you do but that’s the only way you can support RAPs while using clustering.

Otherwise you will need to have separate controllers (not part of a cluster) for your RAPs or use the existing controllers with no clustering



Thank you

Victor Fabian

Pardon typos sent from Mobile

As mentioned above, it's a known/stated limitation with AOS8.x. This is due to how controller information is signaled to APs when clustering is enabled, via the nodelist, which takes priority over the previous controller discovery options.

 

The previous methods of RAP redundancy using LMS and Backup LMS IPs in combination with VRRP are still options, but due require that the controller not be a part of a cluster. 

will this be fixed in a future version?

 

This means in order to use this we have to buy 2 extra controllers.

 

Please register your request here:  https://innovate.arubanetworks.com/ so that HPE will see demand for that feature.

looks like you need to sign in as a partner or hpe employee.

no customer. nice... :(

Internally the issue has been raised and is being discussed.  I will point them back to this thread.  No need to post.

Now with 8.4.0.0 it should be possible. But is there a tech note how to configure it when using mds in cluster?

 

I set up a lab but it wan't work. I think the RAP tries to connect to the wrong controller because of AP loadbalancing. But how can we bring the RAP to the active controller???

 

On both controller the AP is flagged as 2, with different switch ip. See the logs:

Received MAP_ADD from IKE for default-ha-ipsecmap172.21.4.181 (gw 172.21.4.181) mapid 0 vlanid 0 ip 172.21.4.181 mask 255.255.255.255 src_ip 172.21.4.182 peer_ip 172.21.4.181 uplink_ip 0.0.0.0 flags 0x0


Jan 17 14:25:32  cluster_mgr[4263]: <352302> <5214> <ERRS> |cluster_mgr|  cmlb_ap_handle_ap_down_request, No entry in active table in LB-AP thread for AP with mac 00:4e:35:c0:50:ce

The RAP system-profile:

ap system-profile "rap"
    lms-ip x.x.x.126
    bkup-lms-ip x.x.x.127
    ap-console-password f07f0060babda0eb9d334d06ef1ebf796c88bc7e849bf3d0
    bkup-passwords 0709bf2b2078b3fe6c4366c3dcf8b517f4655c2841b47cb3

As soon as i would replace the primary lms ip to .127 it would work.

 

Greets Marc

Hi Marc!

 

Did you configure the Public IP -> private IP mappings in the cluster profile?

 

Are those mappings unique and static in the firewall? In other words, each port forward should always terminate on one specific controller, not a VRRP.

 

Do you use the internal RAP whitelist and not an external source?

 

Use #Show lc-cluster group-profile to verify the mappings are in fact the correct mappings and correct according to your port forwards.

 

Cheers,

Hi Christoffer

 

Yes, we have two public IPs natted to the controller IPs (not VRRP) 4500:4500 udp.

 

If I try to configure the rap-public ip it tells me: Error: RAP public ip not configured for controller 172.21.4.182, please configure RAP public IP to all controllers.

 

What does this mean exactly? Do I have to create a dummy vlan with the public ip address as interface?

 

 

Thanks and Greetings

Marc

 

 

 

 

 

 

Hi! 

 

Must be refering to this configuration:

 

(host) [cluster] (Classic Controller Cluster Profile "rapcluster") controller 10.10.10.1
rap-public-ip 100.100.100.101
(host) [cluster] (Classic Controller Cluster Profile "rapcluster")controller 10.10.10.2
rap-public-ip 100.100.100.102
(host) [cluster] (Classic Controller Cluster Profile "rapcluster")controller 10.10.10.3
rap-public-ip 100.100.100.103
(host) [cluster] (Classic Controller Cluster Profile "rapcluster")controller 10.10.10.4
rap-public-ip 100.100.100.104

 

Do you have that in place?

 

Cheers,

Hi Christoffer

 

I wasn't able to configure a rap-public-ip to an existing controller in a cluster. I created a new cluster profile with the controller and rap-public-ip without any errors. Then I moved the controllers to the new cluster profile and everything worked fine.

 

Thank you and Greetings

Marc