11-24-2015 02:52 AM
Appreciate that this is a rather basic question, but this is something that is puzzling me somewhat.
I am trying to get a full understanding of what exactly the definition of 'controller-ip' is, and what exactly it is used for. Documentation I have found online suggests terms along the lines of 'it is used for management', 'APs must always be able to reach it', etc.
I've set up a lab at home using x2 3600s I have. They are set up as master/standby. I also have a single Cisco switch to form a port-channel between the switch and each of the 3600s. On the Cisco switch and 3600s I have defined two vlans 17 and 172. I also have defined layer 3 interfaces for each of the vlans (vlan17: 192.168.1.2 and vlan172: 172.31.248.2 on the master and vlan17: 192.168.1.3 and vlan172: 172.31.248.3 on the standby). Right now the controller IP is set to vlan 17.
I have defined a VRRP instance between the two 3600s using vlan172, with a VIP of 172.31.248.1. This IP address is also defined as the LMS-IP in the AP system profile.
I have also set up a DHCP scope for the APs to join the controller (172.31.248.0/24), and have spanned out the port to Wireshark to review the output. I have defined option 43 (172.31.248.1) and option 60 (ArubaAP) in the scope, and the APs join the controller with no issue.
When I review the output of the communication between the AP and the controller I see no use of the controller IP, I am obviously just seeing the communication from the AP to the LMS IP. When I review the AP database I do see 'Switch IP' which refers to the controller-ip.
My question is therefore what exactly is the controller IP used for with respect to APs joining the controller? Are there some inner workings that are going on in the background when the AP joins the controller using the LMS-IP?
Any help would be much appreciated as I'm struggling to clear this one up in my mind.
11-24-2015 05:40 AM
Best way to think of the controller-ip is that it's the default management vlan. It's the vlan the controller uses to set as the default interface for things like PAPI, AMON, RADIUS, etc. Now if AP traffic comes in on another VLAN, something that is directly connected in your case, it will still work, but for anything routed, it might not. So when you have multiple VLANs configured for a controller, the best practice is to set the controller-ip to the VLAN you consider the 'management' VLAN where most of the controller's administration traffic, RADIUS, AirWave, etc. will need to be confined within.
Distinguished Technologist, TME