ArubaOS and Controllers

Occasional Contributor II

Master controller redundancy and session-acl config changes


I ran into a problem when running a redundant master setup. The issue is that I don't seem to be able to modify session based acl on the backup master, nor does the active master pass the changes made to backup master.

For example:

On active master:
(Aruba200-Demo) (config) #ip access-list session my-own-ses-acl
(Aruba200-Demo) (config-sess-outside-interface)#any host udp 4500 permit

On backup master:

(RDNT-WLC01) (config) #ip access-list s?
standard Standard Access List
(RDNT-WLC01) (config) #

It this expected behaviour? If yes, how do I get around this? I've thought about changing VRRP priorities to manually force active-backup transition but then again, is there a better way?

I appreciate your ideas!
Guru Elite

Re: Master controller redundancy and session-acl config changes

The backup master functions basically as a local controller and gets all the ACLs from synchronization with the main master. You cannot configure ACLs on the backup master, unless it becomes the master controller.

Type "show switches" on the commandline of the master to see if it is synchronized with the backup master. You can also type "write mem" to push the config from the master to the backup master.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: Master controller redundancy and session-acl config changes

Cheers Colin, and thanks for your input.

I also found an error in my setup: controller-ip was different from the master-redundancy VRRP instance, this caused some problems in synchronizing the configuration. Now I have a working setup.
Search Airheads
Showing results for 
Search instead for 
Did you mean: