Wireless Access

Reply
Highlighted
Occasional Contributor II

Campus Access Points Issue

HI All,
I have a wireless Solution of Campus Access Points and only single controller (Standalone) , when controller is unreachable for Access points it goes down and reboots , Is there any solution that make Campus Access points continue its functions when controller goes down? something like flex-connect mode on Cisco? 
thanks all in advance

Highlighted
MVP Guru

Re: Campus Access Points Issue

This is the standard behaviour of a Controller and Campus AP.

 

'Remote-AP Operation' configured at the VAP level can survive a controller going down but it depends on the forwarding mode and authentication type (this is why you plan for redundancy) . You need to however be aware of the VAPs forwarding mode (e.g tunnel vs bridge / PSK vs dot1x) and how this is affected if the controller is down. Just to note converting an Campus AP to a Remote AP is a different operating mode entirely and may not be suitable for your environment.

 

https://www.arubanetworks.com/techdocs/ArubaOS_85_Web_Help/Content/arubaos-solutions/virtual-ap/conf-vap-prof.htm?Highlight=virtual%20ap

 

Another option is to consider Aruba Instant and the Virtual Controller architecture which is a 'controller-less' solution so there APs would not reboot in the event of a controller rebooting.

 

Have you considered adding a redundant controller in order for the APs to remain up if the controller reboots?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted
Occasional Contributor II

Re: Campus Access Points Issue

what's the consequences of changing the dot1x to preshared key mode?

Highlighted
MVP Guru

Re: Campus Access Points Issue

dot1x is far more secure, so this 802.1X verses a pre-shared key in short.

 

If the reboots of the controller or the controller is unreachable is unplanned thus causing an unexpected outage this should be investigated first. If you run the command 'show version' from the CLI it will provide you with the latest Reboot Cause. 

 

If you can provide further information on your environment we might be able to assist more.



ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted
Occasional Contributor II

Re: Campus Access Points Issue

I'm asking about this because i want to give wireless solution for a customer not because there's a problem makes the controller reboots ,
so if i changed the forwarding mode of SSID to bridge mode instead of tunneled mode, would it help to keep the AP running if the controller reboot? and is there any consequences in addition to guest and captive portal issue?

Highlighted
MVP Expert
MVP Expert

Re: Campus Access Points Issue

In bridge mode the client traffic is directly placed on the network from the AP and don't hit the firewall on the controller.

 

Captive-Portal what is in fact a "dns-redirection" is configured in the user role/acl and is processed by the firewall on the controller.

 

Therefore captive-portal will not work in bridge mode.

 

Some reference:

https://community.arubanetworks.com/t5/Wireless-Access/APs-in-Bridge-Mode-and-external-server-ClearPass-for-Captive/td-p/246995

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
Highlighted
Occasional Contributor II

Re: Campus Access Points Issue

Great i realized this fact about Captive portal , my queston is about using bridge mode with campus Access points (not RAP) would it help in the main problem of keeping the APs running when controller is down? 

Highlighted
Guru Elite

Re: Campus Access Points Issue

To put this in perspective, a controller does not "go down" often.  You will have maintenance like upgrades and reconfiguration that would involve a reboot and things like that you would schedule.  For other people who want more protection, they would purchase a second controller to back up the first and if anything happens to the first controller, they would deploy a second controller.  For customers who do not want a second controller, they would run their access points in Instant mode, that does not require a centralized controller...  One of the access points would be the Virtual Controller that would be responsible for configuration and monitoring.

 

The big difference with instant is that every access point would have to be placed on a trunk for all of the VLANs that you are putting users on.  The controller-based network would only require a trunk connected to the centralized controller.

 

There is no need to jump through hoops with bridged mode and Always on SSIDs to protect against a centralized controller going down, even though that does not happen often...

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: