This issue has completely stumped me and am hoping you can help.
Situation is as follows:
I have two 7205 controllers setup as active-standby across 2 sites. I also have two DHCP servers at each site. I set up a new scope for clients on the DHCP server where the standby controller is and wanted to set it up so that all clients get their IPs from that DHCP server.
Site A = master controller and backup DHCP server
Site B = standby controller and main DHCP server
I have set up 2 AP System Profiles: One of them is configured so that the Site A controller is the LMS with the Site B controller as the backup LMS (SysProfileA) and the other profile configured vice versa (SysProfileB).
A DHCP helper address has been set on the client VLAN to the main DHCP server at site B.
I also set up AP groups for each site and set the respective AP system Profiles. So "SysProfileA" in the "Site A" AP group and "SysProfileB" on "Site B" AP group... and this is where the problem starts:
Clients are able to get IP addresses fine at Site B.
Clients cannot get IP addresses at Site A.
The only way to get clients at Site A to get IPs is by changing the AP (one which I'm testing) to come under the Site B AP group (and thus the LMS being the standby rather than the master) which is what I don't want. I have compared the two AP System Profiles and they are both identical with the exception of which controller is the LMS.
I hope I have been able to articulate this issue as it's almost confusing just to describe it.
If you need more info or configs I am happy to provide it.
Does the controller at site A have a physical interface with the client VLAN trunked to it?
Thanks for the speedy response
Yes the client VLAN is trunked to the controller at Site A. As in it is tagged on the uplink interface to it.
A detail which I didn't mention (because I wanted to keep the description of the issue as simple as possible) was that I had previously created a separate AP group for a satellite building at Site A and this group is configured with SysProfileA. APs in this group work fine and clients are getting the desired IP addresses. I triaged as follows:
- put the test AP in the the Satellite AP group - didn't work
- physically plugged the test AP in the satellite building under Site A AP group - didn't work
- Still physically at the satellite building but changed it to the Satellite AP group - didn't work
Another thing I didn't mention was that I needed to create a new IP address scope on the main DHCP server at Site B and ever since that scope was created it seems whatever AP I add to the network using SysProfileA doesn't work no matter where I physically connect it.
Thinking about this further I actually think it might be an authentication issue rather than routing or switching. But can't see why it would work for one system profile and not the other???
I'm open to any other suggestions/ideas
If you are using LMS-IP based failover, the radio does not go down on the AP upon failover, so the client does not request a new ip address. With LMS-IP-based failover, you typically have to make it the same subnet.
With HA Fast Failover (newer failover method), the AP does send a deauth to clients before it fails over, so the client is free to request an ip address. Information on how to configure HA instead of LMS-IP based failover is here: http://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/VRRP/HighAvFastFailover.htm%3FTocPath%3DArubaOS%2520User%2520Guide%2520Topics%7CVirtual%2520Router%2520Redundancy%2520Protocol%2520(VRRP)%7C_____5
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.