HI All,I have a wireless Solution of Campus Access Points and only single controller (Standalone) , when controller is unreachable for Access points it goes down and reboots , Is there any solution that make Campus Access points continue its functions when controller goes down? something like flex-connect mode on Cisco? thanks all in advance
This is the standard behaviour of a Controller and Campus AP.
'Remote-AP Operation' configured at the VAP level can survive a controller going down but it depends on the forwarding mode and authentication type (this is why you plan for redundancy) . You need to however be aware of the VAPs forwarding mode (e.g tunnel vs bridge / PSK vs dot1x) and how this is affected if the controller is down. Just to note converting an Campus AP to a Remote AP is a different operating mode entirely and may not be suitable for your environment.
Another option is to consider Aruba Instant and the Virtual Controller architecture which is a 'controller-less' solution so there APs would not reboot in the event of a controller rebooting.
Have you considered adding a redundant controller in order for the APs to remain up if the controller reboots?
what's the consequences of changing the dot1x to preshared key mode?
dot1x is far more secure, so this 802.1X verses a pre-shared key in short.
If the reboots of the controller or the controller is unreachable is unplanned thus causing an unexpected outage this should be investigated first. If you run the command 'show version' from the CLI it will provide you with the latest Reboot Cause.
If you can provide further information on your environment we might be able to assist more.
I'm asking about this because i want to give wireless solution for a customer not because there's a problem makes the controller reboots ,so if i changed the forwarding mode of SSID to bridge mode instead of tunneled mode, would it help to keep the AP running if the controller reboot? and is there any consequences in addition to guest and captive portal issue?
In bridge mode the client traffic is directly placed on the network from the AP and don't hit the firewall on the controller.
Captive-Portal what is in fact a "dns-redirection" is configured in the user role/acl and is processed by the firewall on the controller.
Therefore captive-portal will not work in bridge mode.
Great i realized this fact about Captive portal , my queston is about using bridge mode with campus Access points (not RAP) would it help in the main problem of keeping the APs running when controller is down?
To put this in perspective, a controller does not "go down" often. You will have maintenance like upgrades and reconfiguration that would involve a reboot and things like that you would schedule. For other people who want more protection, they would purchase a second controller to back up the first and if anything happens to the first controller, they would deploy a second controller. For customers who do not want a second controller, they would run their access points in Instant mode, that does not require a centralized controller... One of the access points would be the Virtual Controller that would be responsible for configuration and monitoring.
The big difference with instant is that every access point would have to be placed on a trunk for all of the VLANs that you are putting users on. The controller-based network would only require a trunk connected to the centralized controller.
There is no need to jump through hoops with bridged mode and Always on SSIDs to protect against a centralized controller going down, even though that does not happen often...
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.