Wireless Access

last person joined: 20 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

HA Setup and issues

This thread has been viewed 0 times

  • 1.  HA Setup and issues

    MVP
    Posted Sep 28, 2018 03:18 PM
      |   view attached

    I am newer to working with aruba, and need to clarrify some things as I'm troubleshooting some connection and HA/failover issues.

     

    My scenario: we have two 7240's, one is a master and one is a local. Both controller configs show this for the HA settings...

     

    ha group-profile "HA-Group-Prof"
        preemption
        state-sync
        pre-shared-key xxxxxxxxxxxxxxxxxxxx
        heartbeat
        controller xxx.xxx.xxx.xx1 role dual
        controller xxx.xxx.xxx.xx2 role dual

     

    1. Since both are set as dual, is this considered "active/active"??

     

    2. On our main AP system profile, both the "LMS IP" and the "BACKUP LMS IP" are set. (LMS IP = xxx.xxx.xxx.xx1, BACKUP LMS IP = xxx.xxx.xxx.xx2). The "LMS Preemption" box is checked, and hold down is set at 600 seconds. Is this misconfigured? If both controllers are set for dual, should a BackupLMS IP be specified?

     

    3. I dont think we have VRRP set up. "Show ap tech-support" for one of my WAPs shows this for the controller section...

     

    Controller Information
    ----------------------
    Item            Value
    ----              -----
    Primary LMS xxx.xxx.xxx.xx1
    Backup LMS xxx.xxx.xxx.xx2
    Standby xxx.xxx.xxx.xx2
    Using Primary
    LMS Preemption Enabled
    Hold-down period 600
    HA Preemption Enabled
    HA on BLMS Disabled
    Running Hold-down time for HA No
    VRRP No

     

    4. Reference the attached diagram that describes my setup to help with the next question. All WAPs were terminating to MC1, and they had their backup tunnel established to MC2. I downed port e7/11 on 7K#1 (which is uplink to MC2). As soon as I did this, all of the WAPs left M1 and reterminated over on M2. (this made no sense to me) WAP logs showed this the second after I downed the link...

     

    2018-09-27 07:14:42 Failover request from standby: fail-over to xxx.xxx.xxx.xx2

     

    Does this mean the standby controller (M2) lost its "standby tunnel" and was trying to reestablish it?

     

     

     

    Attachment(s)

    pdf
    WLAN for aruba forum question.pdf   171 KB 1 version


  • 2.  RE: HA Setup and issues

    MVP EXPERT
    Posted Sep 30, 2018 05:24 AM

    Hey,


    I'll try and answer some of these :

     

    1) Yes, controller serves some APs and acts as a standby controller for other APs.

     

    2) This is an optional configuration parameter, when enabled you will also see a lms-hold-down-period value defined in the AP System Profile. Correct, you will need a BLMS IP specified in the AP System Profile.

     

    3) What is the output of "show vrrp" on each controllers? The fact that you have a Master + Local hints that these maybe L3 separated hence so no VRRP.

     

    4) In the first instance, had the APs correctly established the tunnels to both controllers prior to the link going down?



  • 3.  RE: HA Setup and issues

    MVP
    Posted Oct 01, 2018 09:49 AM

    1. Ok cool. So both are set for dual and they act as active-active. What confuses me is that in my AP sys profile, MC#2 is set as the BLMS. So when an AP gets pushed there for whatever reason and terminates primary on MC#2 (and standby to MC#1), wouldnt MC#2 think itself is the "BLMS" since that's what configured in the AP sys profile?

     

    3."show vrrp" returns blank on both controllers.

     

    4. correct, both tunnels had been good (primary tunnel to MC#1, standby tunnel to MC#2)



  • 4.  RE: HA Setup and issues

    MVP EXPERT
    Posted Oct 01, 2018 10:42 AM

    1) I'm not sure on your question, LMS and BLMS determines where the GRE tunnel is terminated. If you wanted active/active you would use 2x AP System Profiles with the LMS and BLMS reversed on each profile.

     

    3) There is no VRRP configuration then.

     

    4) Odd, you may need to post the full logs for the AP in question. I assume CPSEC is enabled on both? 



  • 5.  RE: HA Setup and issues

    MVP
    Posted Oct 01, 2018 11:04 AM

    1. Using two different AP-sys-profiles would make sense (flip around the LMS and BLMS on the other profile)... but that's not how we are setup (and is maybe contributing problems). 

     

    4. Looks like CPSEC is disabled on both controllers.

     

     

    What really confused me was the error: 2018-09-27 07:14:42 Failover request from standby: fail-over to xxx.xxx.xxx.xx2 This is saying the standby controller requested failover to itself (because xxx.xxx.xxx.xx2 WAS the standby controller)

     

    Below is the WAP HA failover info... you can see before the morning of 9/27/18 at 7:14:42 (when I downed the interface to standby controller, yet the WAP tried to fail to it) the WAP was terminating to LMS. (I downed of one of the portchannels to the BLMS at 7:14:41 on 9/27)

     

    HA Failover Information

    Date Time Reason (Latest 10)

    2018-09-27 07:25:14 Pre-emptive failover back to LMS xxx.xxx.xxx.xx1

    2018-09-27 07:14:42 Failover request from standby: fail-over to xxx.xxx.xxx.xx2

    2018-09-13 08:18:55 Pre-emptive failover back to LMS xxx.xxx.xxx.xx1

    2018-09-13 08:08:26 Failover request from standby: fail-over to xxx.xxx.xxx.xx2

    2018-09-13 07:29:51 Pre-emptive failover back to LMS xxx.xxx.xxx.xx1

    2018-09-13 07:19:19 Failover request from standby: fail-over to xxx.xxx.xxx.xx2

     

    So if the WAP was on LMS, and I downed a link to BLMS, why do I see "Failover request from standby: fail-over to xxx.xxx.xxx.xx2". That makes no sense to me. That's why I was curious if a standby tunnel being lost could throw this error, but I wouldnt think it would.