Wireless Access

last person joined: 14 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Does Master-Standy will auto sync with active-Master configuration?

This thread has been viewed 5 times

  • 1.  Does Master-Standy will auto sync with active-Master configuration?

    Posted Mar 12, 2013 11:14 PM

    Hi all,

     

    we are planning setup 2 x 3200 Controllers to Master/Master-standby redundancy. I'm just curious that once the VRRP redundancy been setup, does the Master-active configuration will auto sync to Master-backup controller? if not, should i manually copy the configuration of Master-active to Master-backup?

     

    Thank you.

     

    Regards,

    Jimmy.


    #3200


  • 2.  RE: Does Master-Standy will auto sync with active-Master configuration?

    Posted Mar 13, 2013 02:44 AM
      |   view attached

    Hi,

    :smileyhappy:

    VRRP it's just one part of the redundancy configuration.

    Now you need to config your controllers to work in Master | Master standby mode - so yes there is a sync of config. (if you configured it in the right way)

    There are some things that are not synced, such as VLANs, IP addresses, DHCP pools, host name, etc...(internal database can only exist on one controller,)

    - VLANs
    - VLAN interfaces
    - Spanning tree configuration
    - clock summer-time config
    - clock timezone
    - login banner
    - location setting
    - tunnel interfaces
    - snmp-server configurations
    - Ethernet port configurations
    - port-channels

     

     Be sure to read this guide: (Page 46)

    http://www.arubanetworks.com/wp-content/uploads/VRD_Aruba-Mobility-Controllers_8.pdf

     Captureasdasd.PNG

    Also... (to make an easier life for you) :)

     I attached for you some good guide (a bit old - but will give u some idea)  to this post.

     

    Have a lovely day.

    :smileyvery-happy:

    me

    Attachment(s)

    pdf
    Redundancy_Design_Guide.pdf   2.16 MB 1 version


  • 3.  RE: Does Master-Standy will auto sync with active-Master configuration?

    Posted Mar 13, 2013 03:31 AM

    Thanks for your information!!~~~~



  • 4.  RE: Does Master-Standy will auto sync with active-Master configuration?

    Posted Mar 18, 2013 08:43 AM

    Also a big one that caught me off guard was certificates. They are not sync'd so be sure to add those manually to both controllers.



  • 5.  RE: Does Master-Standy will auto sync with active-Master configuration?

    Posted Feb 13, 2015 07:19 PM

    Confused here with Master/Backup when there are several VLANS and SSIDs.  As I have several VLANS on the existing Master (that I want mirrored if you will on the backup), do I have to configure a VRRP instance for each VLAN?  All the examples  I have seen pertain to a single VRRP instance or VRID.

     

    I have several SSIDs on several VLANs that support internal/guest/etc wireless clients.  Firewall policies tie to IP addresses of the existing VLAN IP.  I realize I have to migrate to a VIP but do I have to do the same for all VLANS and the associated IPs?  That is the only thing that makes sense to me.

     

     



  • 6.  RE: Does Master-Standy will auto sync with active-Master configuration?

    EMPLOYEE
    Posted Feb 13, 2015 09:06 PM

    Vlan Numbers, if specified in Virtual APs are consistent between masters, backup masters and locals.  On each Master, backup master and local, a numbered VLAN can correspond to a different subnet, or even a different port.  How VLANs are interpreted on each physical controller can be configured differently from controller to controller.

     

    A VRRP, on the other hand has a few different functions:

     

    - Between master and backup master on a management VLAN, it determines who is the master

    - It can also be used to present a single ip address that access points terminate on, so that the controller with priority will handle all the access point traffc; if that controller goes away, the backup controller will then handle all of the traffic going to that same shared ip address

    - Less used is putting a VRRP on a VLAN so that clients that have that ip address as a default gateway can fail over to an opposite controller; typically the VRRP or HSRP ip address is configured on two layer 3 switches that end up being the default gateway of your clients.  The controller in most situations is not the default gateway for client traffic.

     

    The short answer is that NO, you do not have to configure a VRRP for each VLAN.

     



  • 7.  RE: Does Master-Standy will auto sync with active-Master configuration?

    Posted Feb 13, 2015 10:22 PM
    Thanks for the reply. Here is my dilemma:

    The master is doing NAT for one of the VLANs for Internet. The default gateway is the NAT interface of the master and handed out via DHCP for the clients. That VLAN ip say is 10.0.0.1 (VLAN) and the default gateway for all outbound traffic that is then NAT to the controller outside interface (VLAN2). If IP address scheme of controllers doesn't matter, then during failover the backup with 10.0.0.2 IP (for example) fails to forward traffic because clients are trying to still send to 10.0.0.1 and my default route to the outside interface of the controller is no longer valid either (again different IP).

    So I cannot see how this could work in a Master/Backup unless any significant IP (one that must float) is from a VRRP instance. I have configured several Junipers in active/active and active/passive and all interfaces are virtual and float meaning all policies continue to work with failover. Likewise I have configured several dozen VRRP instances for key traffic subnets in my network. It all works like a clock. I can't wrap my head around how this works with Aruba controllers. Is there additional documentation you can refer?

    Thanks again. We are preparing to buy two new controllers and I need to get things to work in active/backup like all the other stuff. I am trying to test now on our legacy 5000s





      



    "The comments and opinions expressed herein are those of the author of this message and may not reflect the policies of the Martin County Board of County Commissioners. Under Florida Law, email addresses are public records. If you do not want your email address released in response to a public records request do not send electronic mail to this entity. Instead, contact this office by phone or in writing."






    Click here to subscribe to Martin County’s e-Newsletter


  • 8.  RE: Does Master-Standy will auto sync with active-Master configuration?

    EMPLOYEE
    Posted Feb 13, 2015 10:41 PM
    What I would investigate is placing the traffic so that a device other than the controller is doing NAT to the internet. That way, the use IP address scheme can be used regardless of what controller is up.


  • 9.  RE: Does Master-Standy will auto sync with active-Master configuration?

    Posted Jan 15, 2016 12:18 PM

    I have a similar situation. Any answer on this?



  • 10.  RE: Does Master-Standy will auto sync with active-Master configuration?

    Posted Jan 15, 2016 01:39 PM

    From what I understand (and done simple tests), you have to do NAT and session tracking up-stream.  Aruba does not have a true H/A solution.  What I did and what was suggested:

     

    Do NAT upstream of the controller (i.e. on your firewall) and let that be the default gateway of the clients instead of the controller IP.  If one of the controller fails, the client is still sending to the firewall as the default gateway.  Session data is maintained there too so the client may see a delay but shouldn't lose the session.

     

    What I did was connect the "outside" interface of the controllers to the firewall.  The clients then are always sending to the firewall as their default gateway.  The controllers decide which one is active.