Client State Sync with AP Fast Failover
State synchronization improves failover performance by synchronizing client authentication state information from the active controller to the standby controller, allowing clients to authenticate on the standby controller without repeating the complete 802.1X authentication process.This feature requires you to configure the high availability group profile with a pre-shared key. The controllers use this key to establish the IPSEC tunnels through which they send state synchronization information.
- The design of master redundancy is independent of AP fast failover. Master redundancy needs to be configured to ensure the AP will be able to contact the Master controller upon reboot. Another option would be to configure VRRP between the master-local pairs to provide master redundancy.
- When the HA roles of the controllers are set to dual, the active controller will be determined by the LMS-IP setting in the AP system profile and the standby controller will be selected from the list of controllers listed in the HA group in the round-robin fashion.
- Multiple HA Groups can be defined but each controller can only be assigned to a single HA group.
- The controller IP or switch IP of the controller must be used when defining the controller in the HA group profile.
- The "ha group-membership" is a local command and needs to be executed on each local controller.
- HA group membership is independent of the controller role. For example, AP Fast Failover could be setup between two masters, but the administrator needs to make sure that the configuration and relevant network configurations are similar between the two controllers.
The AP fast failover feature supports APs in campus mode using tunnel or decrypt-tunnel forwarding modes, but does not support campus APs in bridge mode. This feature is not supported on remote APs and mesh APs in any mode. Legacy AP‑60 series and AP‑70series APs also do not support this feature.
Client state sync is only supported on a pair of controllers in a HA group.
Sample Lab Topology
Aruba Mobility Controller 3600-US running AOS version 18.104.22.168.