Wireless Access

last person joined: an hour ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

How to break up a master-local conmfiguration

Jump to Best Answer
  • 1.  How to break up a master-local conmfiguration

    Posted Jun 06, 2014 04:44 AM

    Hi All

     

    Can someone point me to some documentation about reconfiguring a master-local configuration to an all master config, please?

    The current master controller is a 6000 series controller the local controllers are 3200 series boxes.

     

    Thank you in advance

    Zsolt

     


    #3200


  • 2.  RE: How to break up a master-local conmfiguration

    Posted Jun 06, 2014 05:34 AM

    On the locals

     

    no masterip

     It will need a reboot after that, and when it comes back it will be a master.

     



  • 3.  RE: How to break up a master-local conmfiguration

    Posted Jun 06, 2014 06:34 AM

    Thats easy :). Thanks. Should I be careful of anything (e.g. internal database, RAP whitelists)?



  • 4.  RE: How to break up a master-local conmfiguration

    Posted Jun 06, 2014 06:40 AM

    That will depend on your configuration, what you are trying to preserve, where you are needing to home APs to and what kinds of APs (CAPs, RAPs, etc). 



  • 5.  RE: How to break up a master-local conmfiguration

    Posted Jun 06, 2014 07:12 AM

    We have CAPs and RAPs on each locations. After breaking up the master-local relationshipwe have to retain all existing CAPs and RAPs and all of the MAC authentication informations across the entire organization.

     

     



  • 6.  RE: How to break up a master-local conmfiguration
    Best Answer

    Posted Jun 06, 2014 07:48 AM

    The MAC auth info will be in the local-userdb which you can export and then import into the locals.

     

    In 6.3 the way that RAP whitelist was stored changed, and I can't work out how to do a bulk export.  You can view the entries with

     

    show whitelist-db rap

     It seems like you need to add each rap entry individually with the command.

     

    whitelist-db rap add mac-address aa:aa:aa:aa:aa:aa ap-group <group> ap-name <name>

     

    In pre 6.3 it was relatively easy because the rap whitelist was in the local-userdb-ap.

     

    If anyone knows a way to export the RAP whitelist in 6.3 and above, please advise.



  • 7.  RE: How to break up a master-local conmfiguration

    Posted Jun 06, 2014 09:26 AM
    (192.168.1.3) #local-userdb export filename
    Successfully exported 4 users and 4 CPSec Whitelist 3 RAP whitelist entries from the Internal User Database to filename
    

     



  • 8.  RE: How to break up a master-local conmfiguration

    Posted Jun 06, 2014 09:29 AM

    d'oh.  same as before then.  Thanks Colin.



  • 9.  RE: How to break up a master-local conmfiguration

    Posted Jun 16, 2014 11:07 AM

    Thanks! This worked for me.

     

    Kind regards

    Zsolt



  • 10.  RE: How to break up a master-local conmfiguration

    Posted Jun 06, 2014 06:47 AM

    Anything handled by the master such as guest accounts, rap whitelists, macine-auth entries can be exported from the master and then imported in the locals.

     

    If you have cpsec enabled, then all your APs will reboot and need to be recertified.  This will mean a slightly longer outage than just the controller rebooting.

     

    If you have some advanced IDS stuff going on and/or it is a large deployment, might be worth exporting the WMS database as well.

     

    It can be a relatively straightforward, but as jhoward mentioned, it will depend on your current config.