briefly, AP is in the same site with the controller but i used the remote mode because i have only one controller and i need to keep SSID broadcasting if the controller is down , my question about the lost features of remote AP Convert , are they similar in all features or i will lose some of them?
thanks all in advance
There are ways to allow for some RADIUS survivability, but see the following:
The fallback mode (also known as backup configuration) operates the remote AP if the master controlleror the configured primary and backup LMS are unreachable. The remote AP saves configuration information that allows it to operate autonomously using one or more SSIDs in local bridging mode while supporting open association or encryption with PSKs. You can also use the backup configuration if you experience network connectivity issues, such as the WAN link or the central data center becomes unavailable. With the backup configuration, the remote site does not go down if the WAN link fails or the data center is unavailable.
You define the backup configuration in the virtual AP profile on the controller. The remote AP checks for configuration updates each time it establishes a connection with the controller. If the remote AP detects a change, it downloads the configuration changes.
The following remote AP backup configuration options define when the SSID is advertised
Always—Permanently enables the virtual AP. Recommended for bridge SSIDs.
Backup—Enables the virtual AP if the remote AP cannot connect to the controller. This SSID is advertised until the controller is reachable. Recommended for bridge SSIDs.
Persistent—Permanently enables the virtual AP after the remote AP initially connects to the controller. Recommended for 802.1x SSIDs.
Standard—Enables the virtual AP when the remote AP connects to the controller. Recommended for 802.1x, tunneled, and split-tunneled SSIDs. This is the default behavior.
How big is your deployment? What is the AP part number that you are using for APs?
You need to understand that RAPs are designed for 1 AP per site and they are not optimized for roaming.
We usually recommend either
1) Campus APs with redundant controllers
2) Instant AP Clusters
I do understand that you want your network to be up even if a controller fails, but you need to weigh the benefits of RAPs in backup mode (which only happens when the controller fails and might provide bad roaming experience) vs APs providing optimal experience to end user devices (which is the majority of the time)
Note: The majority of APs now are being shipped as unified APs so they can work as Campus APs or Instant.
If you need the SSID to stay up if the controller connection is down, you either should make the controller high-available so it can't go down (please note controllers are unlikely to fail), or need to look for Aruba Instant which doesn't need a controller and does all operations locally on the AP.
Given that requirement to keep SSID up with controller down and no secondary controller you will not be able to achieve that with controller APs. Aruba Instant is the proper way to deploy such a scenario.
Running APs as remote AP on a LAN network to keep the SSID up is not recommended nor supported (check here).
You should not run campus APs (with controller) in bridge-mode in general (check here, and here, and here) and especially not to compensate for a controller down situation.
What is the reason/functionality you need a controller?
If your APs support (IAP or Universal AP), switch to Instant mode. What type of APs to you have (please check the sticker on the back with codes like AP-215/IAP-305-RW/AP-515-RW)?
Do you have a local Aruba partner or direct Aruba contact? If so, please reach out to them to discuss interactively the best options.
To stir this a bit, how does IAP cluster work when we lose Central connectivity?
Asking as from what I've understood, even if you compare the basic licensing with AP+PEF+Airwave+support to Central licensing there is not much different. (And then there are other benefits when using Central).
So choosing between RAP with on-prem controller and Central could be an option?
IAP keeps working when not connected to central. You can configure the IAP on the VC when there is no central connectivity.
Please open a new thread if your questions are not related to the initial question.
Thanks I'll open my own thread for the other questions.
For the OP, one option would be to go with Central. I don't think there are any upfront costs like with the second controller, but you only pay for the APs you actually have in the management.
We have couple thousand APs in our controllers but we're also looking at the Central options, it's really worth checking out.
I agree with the guidance of IAP cluster and a central controller. In this setup the AP do not rely on the controller to stay up. Also if you need certain things to go directly somewhere to say a DC you can use your underlying network to route traffic to your DC... But if you must have the controller you can do some pretty cool things with IAP-VPN to multiple controllers and the APs do not require the controller to function...
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.