we are planning setup 2 x 3200 Controllers to Master/Master-standby redundancy. I'm just curious that once the VRRP redundancy been setup, does the Master-active configuration will auto sync to Master-backup controller? if not, should i manually copy the configuration of Master-active to Master-backup?
VRRP it's just one part of the redundancy configuration.
Now you need to config your controllers to work in Master | Master standby mode - so yes there is a sync of config. (if you configured it in the right way)
There are some things that are not synced, such as VLANs, IP addresses, DHCP pools, host name, etc...(internal database can only exist on one controller,)
- VLANs- VLAN interfaces- Spanning tree configuration- clock summer-time config- clock timezone- login banner- location setting- tunnel interfaces- snmp-server configurations- Ethernet port configurations- port-channels
Be sure to read this guide: (Page 46)
Also... (to make an easier life for you) :)
I attached for you some good guide (a bit old - but will give u some idea) to this post.
Have a lovely day.
Thanks for your information!!~~~~
Also a big one that caught me off guard was certificates. They are not sync'd so be sure to add those manually to both controllers.
Confused here with Master/Backup when there are several VLANS and SSIDs. As I have several VLANS on the existing Master (that I want mirrored if you will on the backup), do I have to configure a VRRP instance for each VLAN? All the examples I have seen pertain to a single VRRP instance or VRID.
I have several SSIDs on several VLANs that support internal/guest/etc wireless clients. Firewall policies tie to IP addresses of the existing VLAN IP. I realize I have to migrate to a VIP but do I have to do the same for all VLANS and the associated IPs? That is the only thing that makes sense to me.
Vlan Numbers, if specified in Virtual APs are consistent between masters, backup masters and locals. On each Master, backup master and local, a numbered VLAN can correspond to a different subnet, or even a different port. How VLANs are interpreted on each physical controller can be configured differently from controller to controller.
A VRRP, on the other hand has a few different functions:
- Between master and backup master on a management VLAN, it determines who is the master
- It can also be used to present a single ip address that access points terminate on, so that the controller with priority will handle all the access point traffc; if that controller goes away, the backup controller will then handle all of the traffic going to that same shared ip address
- Less used is putting a VRRP on a VLAN so that clients that have that ip address as a default gateway can fail over to an opposite controller; typically the VRRP or HSRP ip address is configured on two layer 3 switches that end up being the default gateway of your clients. The controller in most situations is not the default gateway for client traffic.
The short answer is that NO, you do not have to configure a VRRP for each VLAN.
I have a similar situation. Any answer on this?
From what I understand (and done simple tests), you have to do NAT and session tracking up-stream. Aruba does not have a true H/A solution. What I did and what was suggested:
Do NAT upstream of the controller (i.e. on your firewall) and let that be the default gateway of the clients instead of the controller IP. If one of the controller fails, the client is still sending to the firewall as the default gateway. Session data is maintained there too so the client may see a delay but shouldn't lose the session.
What I did was connect the "outside" interface of the controllers to the firewall. The clients then are always sending to the firewall as their default gateway. The controllers decide which one is active.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.