Wireless Access

Hey,

we just got a second 7210 controller and I wanted to add it to our exicting setup (2x VMM and 1x 7210). I configured it to be in a cluster (confirmed it has established a L2-Cluster via the command line) and VRRP in the VLAN that the APs are using (i followed the instructions form this video https://youtu.be/nbhRBD6VEzA). I can ping the APs from both controllers.

However only one AP is connected to the cluster after the conversion and it does not broadcast any SSID (it appears "up" in the web interface, but "down" if I enter "show ap database").

I tried upgrading to 8.5.0.1, but that did not solve the problem. What could be the issue here?

I had a TAC remote session on this issue yesterday. It seems to be caused by a session ACL called "wan-uplink-protect-acl" which is applied to all interfaces and prohibits connetion between the two MDs. Even the Aruba engineer could figure out how to remove it and he asked me to do a "write erase all" and configure it as a new MD. After doing this the ACL appeared again. We tried downgrading the OS but it did not let us remove the ACL.

Does anybody have an idea how this could be solved?

That should only come into play if that ACL is applied to an interface or if you are running an SD-WAN branch of code.  Are you mixing a VMM and a hardware controller in the cluster? You are not prevented from doing that, but you should not.

Did you configure the VMM properly with forged transmits and promiscuous mode?  https://community.arubanetworks.com/t5/Wireless-Access/AOS-v8-VRRP-issues-with-VMMs-on-Lab-ESXI-Server-6-5/td-p/364544

The ACL was enabled on the uplink interface and could not be removed.

In finally was able to remove the ACL. Those were the steps necessary to remove:

- Enable "PEF" Feature in MM
- Create session ACL "remove-me"
- Log onto MD1, enter disaster recovery mode
- apply ACL "remove-me" to interface, write memory
- remove ACL "remove-me" from interface, write memory
- Disable "PEF" in MM

After this procedure I was able to form a L2-Cluster that seems ok, however the APs are not broadcasting any of the configured SSID. APs are shown "down" in Mobility Master.

I deleted the cluster again and everything is fine with just one controller.

Sorry that was the account of my organisation, but it is still me :)

Do you have the VM configured with the parameters above?

Our two VMMs are configured as described. I don't see how the VMMs should be a problem, they are running fine for a long time now and were part of a Cluster we had for evaluation some months ago. It is just a configuration on one of the MCs that seems broken.

When your situation has problems, and you don't know what has been configured, you simplify as much as possible to get to a vanilla configuration with few variables.  If it worked before, it might have been limping along, so it is best to get to a simple known good configuration.  With that being said,   I am sure that TAC has much more informaton than I do about your issue and it would be good for you to report back  on your progress.