I'm trying to replace a M3 master controller with a 7210 new with the same master role and ip configuration.
Our network is made of one M3 master controller and 3 7210 local controllers, with centraliced license and cpsec enabled.
The documentation says that when the new master controller is bring up (7210 controller), it generate a new certificate which is sent to local controllers and then to AP to secure access (cpsec behaviour).
The question is, assuming that I can migrate all AP to only one local controller and leave the other two with no AP, the new certificate is sent automatically from master to all local or I need to reboot the local controllers in order to get the new certificate?
What I'm trying to do is to restart each controller one by one and when it gets the new master certificate then migrate groups of virtual AP in order to avoid an entire AP rebooting in all network.
All of the APs will need to recertify and reboot. You should plan this during a maintenance window.
Yes, I know all AP should reboot, that's not the question.
The question is if local controllers reboots immediatlely after the master is replaced, I mean does the local controllers detect the master replacement and automatically reboot or the reboot must be done manually?
If the reboot is manually, does the associate AP lose service until the local controller is reloaded or not?
I'm thinking in replace the master controller on the morning and reboot local controller the same day on the night when the AP doesn't have clients.
You can try this:
- Backup the flash on all controllers and copy them off the controllers.
- Add a VRRP to the existing master's management VLAN and make the master a priority of 200 on that VRRP.
- Change the masterip on your local controllers to point to the ip address of that VRRP (will require reboots of those controllers).
- Validate that they show up on the existing master, as well as all of the APs.
- Add the new master as a backup master
a- prepare it to make sure it has the same version of ArubaOS as that master
b- create a VRRP with the same number with a lower priority on that same management vlan.
c- make sure it becomes a backup to the master on that VRRP.
d- configure master redundancy and reference that VRRP.
e- Type "show switches" on the current master to make sure that it sees the new controller as a backup master
- If you remove the original master, the backup master should take over and have a copy of the centralized licensing database, as well as the cpsec whitelist.
You will have to test all of the steps above, because you might have things configured in a way that will not allow the general steps above to work. If you feel uncomfortable about the steps above, please contact TAC for them to walk you through it.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.