I am trying to figure out the best controller design for our environment, and also add in another controller. I have been reading the reference design and looking at our current configurations, but I am getting more confused as to the best route and how we are currently set up. I believe we have some inconsistencies that I will need to straighten out as I go forward.
We currently have two 3600 controllers in a master/local configuration. Each controller is licensed for 128 WAPs. I have a third 3600 that I need to put into service to add redundancy that is licensed for 64 WAPs. Our sites are grouped with AP groups. The master supports 3 sites (site 1 has 57 WAPs, site 2 has 22 WAPs, site 3 has 1 WAP = 80 total) and the local supports 2 sites (site 4 has 21 WAPs and site 5 has 34 WAPs = 55 total), too many to just swap between the two in a failure. My thought for the best setup so far is to put the new 3600 into service as the master with no WAPs and demote the current master to a local. The reference designs seem to push for a master with no WAPs. In the event of a failure I would group the AP groups of each local to use the master as one backup and the other local as the other. For instance, I would build the AP group for site 4 to use local 1 as the primary and local 2 as secondary (via VRRP) and site 5 would use local 1 as the primary and the new master as the secondary. I would do something similar for the other sites. This way, if the master goes down, no one would be affected; if a local went down, then about half would be for a short time.
The other option would be to just add the 64 licensed controller as a new local and move some AP groups to it, and leave things as is. Is there another option that would be best?
I also think we have some inconsistencies with LMS and VRRP. We have two VRRP instances, 1 and 2:
(ArubaSlave) #show vrrp
Virtual Router 1:
Description Secondary
Admin State UP, VR State MASTER
IP Address 172.25.64.210, MAC Address 00:00:5e:00:01:01, vlan 1
Priority 150, Advertisement 1 sec, Preemption Enable Delay 0
Auth type NONE ********
tracking is not enabled
Virtual Router 2:
Description VIP 220 Primary
Admin State UP, VR State BACKUP
IP Address 172.25.64.220, MAC Address 00:00:5e:00:01:02, vlan 1
Priority 100, Advertisement 1 sec, Preemption Enable Delay 0
Auth type NONE ********
tracking is not enabled
But I also see that we have an AP system profile that specifies an LMS IP for the VRRP instance that the master is primary for and the other for the VRRP that the local is primary for. There is no backup-LMS specified.
ap system-profile "VIP 210"
lms-ip 172.25.64.210
!
ap system-profile "VIP 220 Primary"
lms-ip 172.25.64.220
Is this the correct way of setting up VRRP and balancing the WAPs between controllers? I see the concepts in the reference designs, but I am having trouble finding examples for these low-level commands.
Last question, in a master-standby configuration, the standby cannot have any WAPs, correct?
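An added example, not part of the original post: a small audit over the `show vrrp` output and AP system profiles quoted above, flagging unauthenticated VRRP instances, disabled tracking, profiles whose `lms-ip` is not a VRRP virtual IP, and profiles with no backup LMS. The sample is constructed from the post's output, trimmed to the lines the parser reads; the `bkup-lms-ip` key name for the backup-LMS setting is an assumption.

```python
import re

# Constructed input: VRRP output and profile config from the post (trimmed).
SAMPLE = """\
Virtual Router 1:
IP Address 172.25.64.210, MAC Address 00:00:5e:00:01:01, vlan 1
Auth type NONE ********
tracking is not enabled
Virtual Router 2:
IP Address 172.25.64.220, MAC Address 00:00:5e:00:01:02, vlan 1
Auth type NONE ********
tracking is not enabled
ap system-profile "VIP 210"
lms-ip 172.25.64.210
!
ap system-profile "VIP 220 Primary"
lms-ip 172.25.64.220
"""

def parse(text):
    # Returns (vrrp, profiles), each a dict of {name: {setting: value}}.
    vrrp, profiles, cur = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Virtual Router (\d+):", line):
            cur = vrrp.setdefault(m.group(1), {})
        elif m := re.match(r'ap system-profile "(.+)"', line):
            cur = profiles.setdefault(m.group(1), {})
        elif cur is not None and (
            m := re.match(r"(IP Address|Auth type|\S*lms-ip) ([^\s,]+)", line)
        ):
            cur[m.group(1)] = m.group(2)
        elif cur is not None and line.startswith("tracking"):
            cur["tracking"] = "not enabled" not in line
    return vrrp, profiles

def audit(text):
    vrrp, profiles = parse(text)
    vips = {v.get("IP Address") for v in vrrp.values()}
    out = []
    for vrid, v in vrrp.items():
        if v.get("Auth type") == "NONE":
            out.append(f"VRRP {vrid}: advertisements are unauthenticated")
        if not v.get("tracking"):
            out.append(f"VRRP {vrid}: tracking is not enabled")
    for name, p in profiles.items():
        if p.get("lms-ip") not in vips:
            out.append(f'profile "{name}": lms-ip is not a VRRP virtual IP')
        if "bkup-lms-ip" not in p:  # assumed key name for the backup LMS
            out.append(f'profile "{name}": no backup LMS configured')
    return out
```

On the quoted configuration, `audit(SAMPLE)` reports both VRRP instances as unauthenticated and untracked and both profiles as lacking a backup LMS, while both `lms-ip` values match a virtual IP.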