Can anyone confirm if vlan pooling (named vlans) has any vlan High Availability feature? example. Vlan 10 and 20 in the named pool CORP_VLANS. User role assigns this pool to an authentication on a VAP but all ethernet or tunnel interfaces carying vlan 20 are down. Regardless of hash or even assignment, will devices still be assigned to vlan 20?
Testing this it looks like yes.
Yes. You should use a Named VLAN that corresponds to VLAN 20 on your main controller and corresponds to whatever VLANS are available on your backup controller.
So availability is factored in for the vlan assignment? If the tunnel carying vlan 20 is down, then vlan 20 is no longer an option for assignmnet in the pool?
I'm looking at a different use case. Not Master standby or 2 locals in HA. I'm trying to use 2 GRE tunnels on the same local controller. One tunnel with vlan 10 other with vlan 20. Neither Hash or Even vlan assignmnet seems to look at vlan status. Regardless if the vlan is down (all tunnels or trunks with the vlan are down), it will still assign the vlan.
Correct. Both VLANs must be available, otherwise there will be a black hole for the clients hashed into the unavailable VLAN.
Not ideal for my scenario where I would like to distribute users across the 2 tunnels in active/active tunnel mode. I know we can do active standby tunnel groups but I was looking for an HA solution for active/active. We are using OS 6.5. I think 8 may offer a solution. Or we move to active standby tunnel groups when infrastructure permits it.
What is your design? What is the purpose of distributing users across two tunnels?
For BYOD we have a single local VLAN that is L2 bridged on 2 GRE tunnels to 2 seperate DC based controllers that are standalone masters. The subnet for each BYOD net is different per DC. It's not ideal for client HA but inter-DC links at the time made it the only option. So client distribution happens via DHCP. I was attempting to do a NAT rule for these clients on the local controller. It appears impossible as I would need an IP address of each net on a single vlan SVI at the local controller. Secondary IP is not supported. I thought seperate vlan and pooling could help. But that would break the client failover if a DC or GRE tunnel was down.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.