Wireless Access

Occasional Contributor II

Best practices for AP failover

Hi all,


I'm working through the different AP best practices for failover, trying to determine the most optimal one for my environment. In terms of my environment we deploy our controllers in a master/master-backup with no locals.


- Assign each controller an IP, and assign an IP from the same subnet for the VRRP. Configured on my DHCP server, the VRRP ip which is pushed to the client when they boot and request a DHCP address. In the AP system profile in the LMS ip address configure the VRRP ip address. As far as I understrand this is a valid way of providing HA to the AP as if the master was to die the AP would remain up and online as it has associated with the VRRP ip.


- Use HA Fast Failover, I am unsure about this method. I've read in the docs that in 6.4 you can use it in my deployment model. What I'm not sure if how the AP gets the master controller IP address? I know you configure the HA group, configure the two controllers in the group with the controller-ip. What I'm not sure about is how the AP would get an ip address if it wasn't L2 adjacent to the controller. And if it was to be given an ip address by the DHCP server, i.e. the master, then if the master was offline, the AP rebooted and DHCP told the AP to use the offline master, then the AP would not associated with the controller.


Hope this makes sense? Any advice would be much appreciated :)



Trusted Contributor I

Re: Best practices for AP failover

from what i understand VRRP is still one of the fastest and perfectly valid AP failover method.


in my opinion the HA fast failover is more for a situation where you can't have your controllers do VRRP so you need something quicker then the LMS / LMS BACKUP IP system.


as for how to get that working you seem to focus to much on a setup where the controller does all kind of things like hand out IPs to the IPs and be on the same subnet. APs can discover the controller also via DNS and DHCP option. in that case the APs can get IPs from some other DHCP server and just need an IP to connect to to setup their tunnel. with AP fast failover they will have two tunnels once they have been on the first controller once and the config has been found.


if you have any further question do let me know.

Guru Elite

Re: Best practices for AP failover

HA AP fast failover is recommended at this point and offers failover times of 1-2 seconds.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Trusted Contributor I

Re: Best practices for AP failover

what is the failover time for VRRP Tim? isn't it pretty much instant either?


why would HA fast failover be preferred? from what i read it also doesn't support fail over for RAP and bridged forwardig.


and this is also still in the 6.4 guide: "High Availability:Fast Failover providesredundancy for APs, but not for controllers. Deployments that require master controller redundancy should continue to use an existing VRRP redundancy solution."


Trusted Contributor I

Re: Best practices for AP failover

thank you victorfabian. for me that just confirms what i said, for master-master backup VRRP is the way to go. for master local AP fast failover can be useful if it fits with your deployment.


if there are other opions please share them with arguments, just stating AP fast failover is recommended without a reason or any aruba reference is confusing.

Occasional Contributor II

Re: Best practices for AP failover

Thanks for all the advice guys, all really useful. In my particular situation we will be continuing to use the VRRP IP as the LMS IP. It works well in my environment and is defined in the 6.4 user guide so I'm happy with this choice. Cheers

Contributor II

Re: Best practices for AP failover

Ok, it's a month later and it looks like some changes have been made or new configurations are supported in


I plan to configure (2) 7205's as Active/Standby and use VRRP.

Additionally, I plan to use AP Fast-failover.

My understanding is that:

- Configure the controller(s) IP address in the HA profile (and not the VRRP IP)

- Do not enter an address in the ap profile for LMS/BLMS fields

- Ensure that there is a DNS entry for "aruba-master" pointing to an "active" controller IP.


My concern is the term "active" controller IP if I'm running Active/Standby? Is the solution (2) DNS entries?


Let me know if clarification is needed.




Re: Best practices for AP failover

The DNS entry should pointed to the Active controller in the HA group
Thank you

Victor Fabian
Lead Mobility Architect @WEI
Contributor II

Re: Best practices for AP failover

So, if the configuration is Active/Standby...the DNS entry should point to the Active controllers IP. But what if the Active controller fails and now the Standby controller takes over? Is a DNS entry required for both controllers?



Active IP =

Standy IP =

If the DNS entry for "aruba-master" points to the Active controller (, how does it work in a failover situation where the Active fails and is unreachable?



Search Airheads
Showing results for 
Search instead for 
Did you mean: