Wireless Access

Hello everyone: 

I need some clarification on the following:   

Topology: 

Two local controllers 7010 running 8.2.1 with 20 315 APs.  

Controllers and APs are on the same vlan. 

I have an AP Group called Branches_AP_GRP

Consultant (Aruba is new to me) recommended the following:

ha group-profile "Branch HA"
state-sync
pre-shared-key mykey 
heartbeat
controller 1.1.1.1 role active
controller 1.1.1.2 role standby

After first deployment and learning about 8.2 new features, HP SE recommended clustering.  

Virtual Router 10:
Admin State UP, VR State MASTER
IP Address 1.1.1.3, MAC Address x.x.x.x, vlan 10
Priority 110, Advertisement 1 sec, Preemption Enable Delay 30
Auth type PASSWORD, Auth data: ********
tracking is not enabled

Virtual Router 10:
Description mex-vrrp
Admin State UP, VR State BACKUP
IP Address 1.1.1.3, MAC Address x.x.x.x, vlan 10
Priority 100, Advertisement 1 sec, Preemption Disable Delay 0
Auth type PASSWORD, Auth data: ********
tracking is not enabled

LMS pointing to 1.1.1.3 // the vrrp 

Type IPv4 Address Priority Connection-Type STATUS
---- --------------- -------- --------------- ------
peer 1.1.1.1 128 L2-Connected CONNECTED (Leader, last HBT_RSP 14ms ago, RTD = 0.000 ms)
self 1.1.1.2 128 N/A CONNECTED (Member)

Questions: 

1 - is this the "best-practice" setup configuration for dual controllers and APs? 

2 - Why one controller has more AP's than the other controller? 

     if I do show ap database it shows 15 APs ("s" flag shows for the remaining 5) with CNTL1 and 5 with CNTL2 

 3 - Has anyone seen before why the AP's cannot discover the controllers in Layer 2? I had to configured DHCP option pointing to 1.1.1.3 in order for the APs to come up.  

  I have two stack Cisco 3850 and one controllers plugged into sw_a and other sw_b for redundancy. 

4 - why does it show the same priority for the cluster on the config? 

lc-cluster group-profile "MY-Cluster"
controller 1.1.1.1 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 0
controller 1.1.1.2 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 0
active-ap-lb

I'm sorry for so many questions and thank you in advance for your answers.  

Cheers! 

Do you have an MM in your 8.x configuration?

Yes, I do.  I forgot to mention that.  

8.x was designed to address the limitations of VRRP-based and HA-based redundancy of with clustering.

In 8.x your cluster would have a VRRP so that you can point your access points using aruba-master or dhcp option based discovery to an active member of that cluster.  After the AP discovers that controller, it is then assigned a primary and failover controller  by the cluster master automatically. You would only use LMS or backup LMS if you wanted to use a second cluster for failover in case the first one is not avaiable (this is rare).  HA should not be configured in conjunction with clustering.  Once your AP discovers a controller in a cluster, the ip addresses of all of the controllers in that cluster is pushed to the access points and the access point no longer uses aruba-master or dhcp option based discovery upon subsequent reboots.

Questions: 

1 - is this the "best-practice" setup configuration for dual controllers and APs?  YES

2 - Why one controller has more AP's than the other controller? 

     if I do show ap database it shows 15 APs ("s" flag shows for the remaining 5) with CNTL1 and 5 with CNTL2 (You can influence the load balancing by editing the cluster parameters https://community.arubanetworks.com/t5/Wireless-Access/Triggering-AP-Load-Balancing-in-AOS-8-2-Cluster-Troubleshooting/td-p/415193).

 3 - Has anyone seen before why the AP's cannot discover the controllers in Layer 2? I had to configured DHCP option pointing to 1.1.1.3 in order for the APs to come up.  The dhcp option should be pointing to the VRRP.

  I have two stack Cisco 3850 and one controllers plugged into sw_a and other sw_b for redundancy. 

4 - why does it show the same priority for the cluster on the config? 

lc-cluster group-profile "MY-Cluster"
controller 1.1.1.1 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 0
controller 1.1.1.2 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 0
active-ap-lb

 That priority determines who will be the cluster leader or not.  If you care to have one controller be the cluster leader over another (you shouldn't, really) you would increase their priority

I'm sorry for so many questions and thank you in advance for your answers.  

To clarify, on one of your replies, you mentioned that I should not use the vrrp, but one of the active controller and then the controller will notify the APs of the other controller.  But on another reply, you mentioned I should poit the DHCP option to the vrrp IP.  Is this because (only when) the APs are not able to disconver the controllers via layer 2?  

It seems there is no need to LMS ip configuration when using cluster vrrp and that the not-sot balanced load of APs is normal behaviour, correct? 

VRRP based redundancy is just pointing the APS to a VRRP between controllers using aruba-master or dhcp options.  No clustering would be configured.

In a clustering scenario, you need the VRRP between the cluster members to point the aruba-master or dhcp option ip address to a single ip address.

Access points should be able to discover controllers layer 2, but many people do not do that for various reasons.

You probably configured load balancing after all of the access points were up.  It will load balance, but slowly.  If you reboot all access points, as they come up they will load balance based on the algorithm as they come up.