Wireless Access

Hi folks,

I'm setting up our new WIFI with dual 7030 Controllers with AOS 6.5 in master-master (dual) configuration.

I've been testing failover the whole day now and it took some time for the controllers workling so far the do now but I made a good progress so far.

At this point there's still one thing I don't understand, hopefully you have some tips for me.

The controllers see each other, they are in a HA Cluster Group, controller 1 syncs it's config to controller 2.

I tested controller 1 going down by disabling the switchport on the switch where it's connected to.

Controller 2 overtakes the APs, showing the right (his) switch IP for the APs but the APs stop working.

They don't send out my SSID.

The AP I'm testing at has the IP of Controller 1 set als LMS IP, the IP of Controller 2 as backup LMS IP adress (not the VRRP IP). These IPs are also shown as their origin, primary IP.

The AP licenses seem to be available (centralized licensing is activated und seems to be working), controller 2 is reachable at the network, RADIUS should work (I've tested it at the Diagonstics part of the web GUI).

The only strange thing is that in the controller list in the web GUI the controllers show as active and standby but should be both active?

I hope someone has some idea where I can look for the reason for this behavior.

Make sure you have the user VLANs defined on the backup master controller.

I just compared the VLAN Configuration (which is very simple in my case), it's almost the same on both controllers. The only difference is that on controller 1 there is a VLAN 4094 (DHCP) with no ports configured which doesn't exist on the second Controller. I think it's from the default config and I don't use it.

There is one other thing I found: there is a VLAN pool on both Controllers. Same Name, same assignment type (hash), but with no VLAN ID on the second controller. On the first controller it's assigned to the same VLAN ID I use for my Clients, on the second there isn't a VLAN ID assigned and  I'm not able to assign one in the Web GUI because it "forgets" the ID I enter in the field when I try to edit and save the value.

On the controller where you cannot set the VLAN ID, type "show audit-trail 10" to see if it is even executing the command on the commandline.  You might then be able to type "config t" and then execute the command yourself if it is failing.  Not having a VLAN assigned will keep a WLAN from coming up.

Thank you cjoseph, the VLAN was the reason for my problems.

Now I can disconnect my first controller from the LAN and the second will overtake the AP, there is only 1 ping that gets lost  on my wifi client and when I disconnect my wifi client from the wifi and reconnect the RADIUS server says me that it authetificates with the second controller.

That's the point at that every really important is running.

There is only one more question I want to ask because I'm not totally sure about that.

My two controller are runnig VRRP for the failover, having a common VRRP IP address (in my case that's 10.1.123.10).

But I don't really use it because my APs connect to my Controllers using the LMS and Backup LMS IPs (10.1.123.1 for the first und 10.1.123.2 for the second controller).

For discovery I don't use it as well (should I?), in my DHCP I use the own IP of the first Controller.

Do I need VRRP at all in this case? Or is it still needed for the failover mechnamism?

You should point your access points at the .10 address in your discovery mechanism (dns or dhcp option).  You should also make the lms-ip the .10 address and that is all you will need.  You will not need a backup lms.