Wireless Access

Contributor II

Controller redundancy with EAP-TLS authentication



we have two 7210 type controllers running ArubaOS


The controllers are configured in an all-masters-model with one controller having a higher VRRP priority than the other.


Basically, I followed the configuration guidelines in Chapter 25 of the ArubaOS 6.2 User Guide.


One of the configured SSIDs uses EAP-TLS authentication.


My question is whether my clients' connectivity to the EAP-TLS enabled WLAN should persist if the active master controller fails?


My experience is that clients get disconnected once the active master controller is down. Also, it takes quite a while for a client to be able to re-establish connectivity again.


Is this normal behaviour with EAP-TLS authentication?




Re: Controller redundancy with EAP-TLS authentication

Yep,As Far as i aware,It's normal - Each Controller got is own user-db (that the database that contain all the AAA info regarding all the users of your WLAN) . so when your 1st failed - your 2nd master need to build is own new user-db = each user/device need to re-auth.


have a gr8 day. :smileywink:



*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************

Re: Controller redundancy with EAP-TLS authentication

On any controller failover you will be disconnected and reconnected.   The controllers do not currently share user table/state data between each other, therefore the client will need to reauthenticate.  The time to do so will vary depending on how long it takes for the AP to come up and then the client to reauthenticate. 

Systems Engineer, Northeast USA

Contributor II

Re: Controller redundancy with EAP-TLS authentication

Thanks for your help!


That is what I thought would happen but its good to have confirmation, anyways!




Contributor I

Re: Controller redundancy with EAP-TLS authentication

My understanding is that stateful failover will be supported in the next version of code which is released. I would check with your SE on this feature/enhancement.

Search Airheads
Showing results for 
Search instead for 
Did you mean: