Wireless Access

Hi,
I have got a new Aruba 7005 to install as slave for the master. However I have a question that I couldn't find answer into the documentatio:

 

I have the MASTER and SLAVE that the see each other and the are able to work as expected, however into the SLAVE I don't have/see any AP configured. So, I was wondering if first I need to add the APs on the second controller and then configure as slave

Thanks

Did you read the chapter here? http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/VRRP/HighAvOverView.htm?Highlight=Redundancy

It depends to which controller you are pointing your Aps to .

IF you have HA/FF you can define the controllers that will be part of your HA Group and under AP-Group > AP System Profile > you then point the AP to the main controller and the AP will use any of the other controllers in the list as backups .

To see if there's a standby tunnel created you can run the show ap database and you will see the "S" Flag which stands for Standby tunnel

Here's a good article that explains how it works:
https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-does-high-availability-fast-failover-feature-work-and-how-to/ta-p/177468

So, this is the only part found about the AP related to HA config

 

"When the AP first connects to its active controller, the active controller provides the IP address of a standby controller, and the AP attempts to establish a tunnel to the standby controller. If an AP fails to connect to the first standby controller, the active controller selects a new standby controller for that AP, and the AP attempts to connect to that standby controller."

 

What does it mean? Do I have to reboot the AP after the MASTER/SLAVE is configured.

 

I'm finding extremelly difficult work with Aruba! I spent a lot of time trying to understandthe documentation as it is always to much generic and dispersive.

Thanks anyway for your help

You do not have to reboot the AP. When the AP finds that first controller, it gets its instructions from the first controller it finds.

Hi,
Thanks for your reply. How can I verify if the APs/SLAVE have found each other?

There is no "slave".  Do you have your controllers setup as a master/local?

Yes,

They are MASTER and LOCAL

You type "show ap database" on the master controller.  The "standby ip" column should list what is the standby controller ip addres that AP is pointing to.  0.0.0.0 means that no ha is configured.

Hi,
In the master I got this

 

(SMPWAP1) #show ap database

AP Database
-----------
Name    Group         AP Type  IP Address     Status  Flags  Switch IP     Standby IP
----    -----         -------  ----------     ------  -----  ---------     ----------
SMPAP1  Yoti_default  215      10.222.123.6   Down    2      10.222.123.2  10.222.123.3
SMPAP2  Yoti_default  103      10.222.123.14  Down    2      10.222.123.2  10.222.123.3
SMPAP3  Yoti_default  215      10.222.123.13  Down    2      10.222.123.2  10.222.123.3
SMPAP4  Yoti_default  215      10.222.123.12  Down    2      10.222.123.2  10.222.123.3
SMPAP5  Yoti_default  215      10.222.123.9   Down    2      10.222.123.2  10.222.123.3
SMPAP6  Yoti_default  215      10.222.123.11  Down    2      10.222.123.2  10.222.123.3
SMPAP8  Yoti_default  215      10.222.123.10  Down    2      10.222.123.2  10.222.123.3

In the local I got this

(SMPWC2) #show ap database

AP Database
-----------
Name  Group  AP Type  IP Address  Status  Flags  Switch IP  Standby IP
----  -----  -------  ----------  ------  -----  ---------  ----------

Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed
       I = Inactive; D = Dirty or no config; E = Regulatory Domain Mismatch
       X = Maintenance Mode; P = PPPoE AP; B = Built-in AP; s = LACP striping
       R = Remote AP; R- = Remote AP requires Auth; C = Cellular RAP;
       c = CERT-based RAP; 1 = 802.1x authenticated AP; 2 = Using IKE version 2
       u = Custom-Cert RAP; S = Standby-mode AP; J = USB cert at AP
       i = Indoor; o = Outdoor
       M = Mesh node; Y = Mesh Recovery

This is the config on the master

(SMPWAP1) #show configuration | begin redundanc
master-redundancy
  master-vrrp 1
  peer-ip-address 10.222.123.3 ipsec 8a71f6105b11d7144f7eed4d0ec36e78fcfd206233bb1544
!

This is the config on local

(SMPWC2) #show configuration | begin redundanc
master-redundancy
  master-vrrp 1
  peer-ip-address 10.222.123.2 ipsec e649b3a722bf78598c2ac8f897c29c84ffb9f758d38c7c52
!

Based on your configuration, that looks like a backup master, not a local controller. A backup master is a backup for the master, but it cannot service APs. Local can service APs.

Configuring a backup master controller and configuring HA fast failover for APs is two different things....

You should type "show switches" on the master to see if the master/backup master relationship is working or not.

So, In backup/master scenario as mine, what happens if the master goes down? The backup takes over and will recognize the AP?

Thnks

 

(SMPWAP1) #show switches 

All Switches
------------
IP Address    Name     Location          Type     Model      Version        Status  Configuration State  Config Sync Time (sec)  Config ID
----------    ----     --------          ----     -----      -------        ------  -------------------  ----------------------  ---------
10.222.123.2  SMPWAP1  Building1.floor1  master   Aruba7005  6.4.4.5_54063  up      UPDATE SUCCESSFUL    0                       5
10.222.124.3  SMPWC2   Building1.floor1  standby  Aruba7005  6.4.4.5_54063  up      UPDATE SUCCESSFUL    10                      5 

SMPWC2) #show switches

All Switches
------------
IP Address Name Location Type Model Version Status Configuration State Config Sync Time (sec) Config ID
---------- ---- -------- ---- ----- ------- ------ ------------------- ---------------------- ---------
10.222.124.3 SMPWC2 Building1.floor1 standby Aruba7005 6.4.4.5_54063 up UPDATE SUCCESSFUL 0 5

Also, I have more than 1 VRRP instance. The masster redundancy si configurable just for one. Is it enough to failover all VRRP sessions? 

That looks like it is configured correctly.  Controller 1 has control of the VRRP.  APs must be pointed at the VRRP using DNS or DHCP options and then again in the LMS-IP of the AP System Profile of the AP Group of the APS. If controller 1 goes down, it loses control of the VRRP ip address and Controller 2 takes over, and since the APs are pointing at the VRRP ip address the APs should come up on the backup/standby controller.

 

Do not configure any Fast Failover or HA options with Master/Standby; just point the AP at the VRRP with LMS-IP and you should be set...  If you have any fast failover or HA configured, delete them.