Wireless Access

Im trying to keep this explanation simple, as I could rant on about the config for a while.. but hoping its a fairly straightforward answer...

We use 3 vlans for controller/ap management...  vlan 10 for controller managment, then 11 & 12 are used for AP termination.  We have a master/local setup, but terminate APs on both, controlling this by using the LMS address from vlan 11 & 12.  11 being master on the master, and backup on the local, and vica versa for vlan 12.  We were "tinkering" with some config (to resolve anther issue we had), and all of a sudden lost the master controler (vlan 10) and all of the AP's disappeared.. vlan 11 & 12 were fine, so I was a little suprised that the APs simply disappeared from the master... and never appeared on the local.  I know that if the controller rebooted the APs would shift accross, the same if we closed down either 11 or 12 on whichver was the vrrp master, but not sure why what happened, happened....

I had assumed that we could lose the controller management network (vlan 10) which would ultimately break the link between the two controllers, but as the APs terminate via vlan 11 & 12, they would still be connected...

The AP redundancy is handled with vlan 11 & 12, across which the APs are split, using the LMS address... So on the Master contoller, vlan 11 is the Master, and the Backup on the local, and the opposite for vlan 12, so we can "balance" the AP groups across both.

I dont understand why vlan 10 dropping would cause the APs to disappear.  I thought this would only happen if the controller dropped off the network, rather than just the management vlan... as vlans 11 and 12 were fine.

The controller-ip is the only ip address that an AP can really communicate with a controller on.  If a controller has multiple ip addresses and an AP contacts it on one of its ip addresses, it is immediately redirected to the controller-ip of the controller and it continues to communicate on that address.  Your APs might be pointed at a different ip address on the controller for the lms and backup lms, but the AP is always immediately redirected to the controller-ip of the controller.

I hope this helps.

On each controller type "show controller-ip" to see what is the controller's true management ip address that APs must communicate on.  To see what  switch ip address APS are communicating with, the "show ap database" command should show you:

(Aruba7005-US) #show ap database

AP Database
-----------
Name         Group    AP Type  IP Address     Status            Flags  Switch IP    Standby IP
----         -----    -------  ----------     ------            -----  ---------    ----------
Delta1-225  default  225      192.168.1.115  Up 3d:14h:6m:24s  M2     192.168.1.3  0.0.0.0
Gamma-225   default  225      192.168.1.90   Up 6d:7h:45m:4s   M2     192.168.1.3  0.0.0.0

Ahh.. ok...  I understand.   

Im now wondering if how we have things is correct.  The LMS IP that is currently set is the VRRP IP for either vlan 11 or 12 (depending upon which controller the AP group is connected to).  I had therefore assumed that the AP was communicating to the controller via this IP, and not via its true management IP.

Shoud we therefore have VRRP set for the management vlan, and have aruba-master resolve to the VIP?  

Time to brush up on some theory mehtinks!