I need to change 'lc-cluster group-profile' settings for md controller. Current configuration line is: 'controller 10.82.168.24 priority 128 mcast-vlan 0 vrrp-ip 10.82.168.20 vrrp-vlan 1068 group 0 rap-public-ip 0.0.0.0'
'controller 10.82.168.24 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 0 rap-public-ip 0.0.0.0'
Access points are using cluster vrrp address 10.82.168.20.
Can I disable cluster group-membership so I can make this change without losing APs pointed to this vrrp address?
Once APs discover to a controller in a cluster, it is assigned a Primary Controller by the cluster leader and connects to that controller (MD) from then on. It also download the nodelist, which is a list of the controller ips in the cluster. That AP no longer uses that VRRP address to connect, so you should be good.
Just some additional thoughts. Is LMS-IP configured to point to 10.82.168.20? Don't forget to change that if it is. You can point it to one of the MCs or you could manually configure a VRRP between the two MCs and point the LMS-IP to that VIP (for those who are reading this at a later time, the LMS-IP should not point to any of the VRRP-IP addresses that are configured as part of the cluster configuration, which it appears is what is being corrected in this thread. In fact, the VRRP-IP that is part of the cluster should only be used by the system for authorization server interaction [ASI]). As cjoseph mentioned, once the AP is initially booted and connects to a controller in the cluster, the LMS-IP is no longer (except in rare complex configurations) a concern.
I hope this helps,
Thanks for the reply. We don't need the ASI feature. I am setting LMS-IP addresses for a RAP group to point to individual MCs in a cluster. I have a public VRRP-IP for the 2 MCs. Should I set the LMS-IP to the VRRP-IP instead of the 2 individual public MC addresses? This part of the documentation isn't very clear.
Technically, the VIP would be better. If you have MC1 and MC2, and you are pointing to the VIP, if one MC is down, the AP would be directed to the other. Reality is that the LMS-IP really is only of significance when a new AP is added to the network. Once the AP communicates with the LMS-IP, the AP is assigned an AP anchor controller (AAC), which the AP stores as the first entry in the node list, which is stored as an environment variable in the APs flash. In addition to the AAC, the other cluster nodes are (randomly, as far as you know, but there is probably some behind the scenes rhyme or reason; I don't know what it is) added to the node list. Any time the AP boots in the future, the AP uses the node list to communicate with the cluster.
So, if you have a VIP between the cluster nodes, point the LMS-IP to it. If you don't, you can either create one, or just point the the LMS-IP to one MC and point the backup LMS-IP to the other MC and you should be fine.
Thanks David. I appreciate the response and details. I'm also enjoying your Version 8.x book.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.