Wireless Access

Reply
Contributor I

HA Setup and issues

I am newer to working with aruba, and need to clarrify some things as I'm troubleshooting some connection and HA/failover issues.

 

My scenario: we have two 7240's, one is a master and one is a local. Both controller configs show this for the HA settings...

 

ha group-profile "HA-Group-Prof"
    preemption
    state-sync
    pre-shared-key xxxxxxxxxxxxxxxxxxxx
    heartbeat
    controller xxx.xxx.xxx.xx1 role dual
    controller xxx.xxx.xxx.xx2 role dual

 

1. Since both are set as dual, is this considered "active/active"??

 

2. On our main AP system profile, both the "LMS IP" and the "BACKUP LMS IP" are set. (LMS IP = xxx.xxx.xxx.xx1, BACKUP LMS IP = xxx.xxx.xxx.xx2). The "LMS Preemption" box is checked, and hold down is set at 600 seconds. Is this misconfigured? If both controllers are set for dual, should a BackupLMS IP be specified?

 

3. I dont think we have VRRP set up. "Show ap tech-support" for one of my WAPs shows this for the controller section...

 

Controller Information
----------------------
Item            Value
----              -----
Primary LMS xxx.xxx.xxx.xx1
Backup LMS xxx.xxx.xxx.xx2
Standby xxx.xxx.xxx.xx2
Using Primary
LMS Preemption Enabled
Hold-down period 600
HA Preemption Enabled
HA on BLMS Disabled
Running Hold-down time for HA No
VRRP No

 

4. Reference the attached diagram that describes my setup to help with the next question. All WAPs were terminating to MC1, and they had their backup tunnel established to MC2. I downed port e7/11 on 7K#1 (which is uplink to MC2). As soon as I did this, all of the WAPs left M1 and reterminated over on M2. (this made no sense to me) WAP logs showed this the second after I downed the link...

 

2018-09-27 07:14:42 Failover request from standby: fail-over to xxx.xxx.xxx.xx2

 

Does this mean the standby controller (M2) lost its "standby tunnel" and was trying to reestablish it?

 

 

 

MVP Guru

Re: HA Setup and issues

Hey,


I'll try and answer some of these :

 

1) Yes, controller serves some APs and acts as a standby controller for other APs.

 

2) This is an optional configuration parameter, when enabled you will also see a lms-hold-down-period value defined in the AP System Profile. Correct, you will need a BLMS IP specified in the AP System Profile.

 

3) What is the output of "show vrrp" on each controllers? The fact that you have a Master + Local hints that these maybe L3 separated hence so no VRRP.

 

4) In the first instance, had the APs correctly established the tunnels to both controllers prior to the link going down?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Contributor I

Re: HA Setup and issues

1. Ok cool. So both are set for dual and they act as active-active. What confuses me is that in my AP sys profile, MC#2 is set as the BLMS. So when an AP gets pushed there for whatever reason and terminates primary on MC#2 (and standby to MC#1), wouldnt MC#2 think itself is the "BLMS" since that's what configured in the AP sys profile?

 

3."show vrrp" returns blank on both controllers.

 

4. correct, both tunnels had been good (primary tunnel to MC#1, standby tunnel to MC#2)

MVP Guru

Re: HA Setup and issues

1) I'm not sure on your question, LMS and BLMS determines where the GRE tunnel is terminated. If you wanted active/active you would use 2x AP System Profiles with the LMS and BLMS reversed on each profile.

 

3) There is no VRRP configuration then.

 

4) Odd, you may need to post the full logs for the AP in question. I assume CPSEC is enabled on both? 


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Contributor I

Re: HA Setup and issues

1. Using two different AP-sys-profiles would make sense (flip around the LMS and BLMS on the other profile)... but that's not how we are setup (and is maybe contributing problems). 

 

4. Looks like CPSEC is disabled on both controllers.

 

 

What really confused me was the error: 2018-09-27 07:14:42 Failover request from standby: fail-over to xxx.xxx.xxx.xx2 This is saying the standby controller requested failover to itself (because xxx.xxx.xxx.xx2 WAS the standby controller)

 

Below is the WAP HA failover info... you can see before the morning of 9/27/18 at 7:14:42 (when I downed the interface to standby controller, yet the WAP tried to fail to it) the WAP was terminating to LMS. (I downed of one of the portchannels to the BLMS at 7:14:41 on 9/27)

 

HA Failover Information

Date Time Reason (Latest 10)

2018-09-27 07:25:14 Pre-emptive failover back to LMS xxx.xxx.xxx.xx1

2018-09-27 07:14:42 Failover request from standby: fail-over to xxx.xxx.xxx.xx2

2018-09-13 08:18:55 Pre-emptive failover back to LMS xxx.xxx.xxx.xx1

2018-09-13 08:08:26 Failover request from standby: fail-over to xxx.xxx.xxx.xx2

2018-09-13 07:29:51 Pre-emptive failover back to LMS xxx.xxx.xxx.xx1

2018-09-13 07:19:19 Failover request from standby: fail-over to xxx.xxx.xxx.xx2

 

So if the WAP was on LMS, and I downed a link to BLMS, why do I see "Failover request from standby: fail-over to xxx.xxx.xxx.xx2". That makes no sense to me. That's why I was curious if a standby tunnel being lost could throw this error, but I wouldnt think it would.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: