Wireless Access


Layer 3 Roaming

  • 1.  Layer 3 Roaming

    Posted Jun 04, 2013 12:27 PM

    Hi, I would like to ask about Layer 3 Roaming. Below is an example of my setup.

     

    Controller 1 - Master        10.10.1.2
    Controller 2 - Standby      10.10.1.3
                                         VIP: 10.10.1.1

     

    Controller 3 - Local 1    10.10.1.4
    Serving Level 1 Access Points

    SSID: STAFF ---->VLAN 101 Subnet: 10.50.0.0  255.255.254.0

                Guest ---->VLAN 701 Subnet: 10.100.0.0  255.255.254.0

     


    Controller 4 - Local 2 10.10.1.5
    Serving Level 2 Access Points

    SSID: STAFF ---->VLAN 102 Subnet: 10.50.2.0  255.255.254.0

                Guest ---->VLAN 702 Subnet: 10.100.2.0  255.255.254.0

     

     

    Controller 5 - Local 3 10.10.1.6
    Serving Level 3 Access Points

    SSID: STAFF ---->VLAN 103 Subnet: 10.50.3.0  255.255.254.0

                Guest ---->VLAN 703 Subnet: 10.100.3.0  255.255.254.0

     

     

    Controller 6 - Local 4 10.10.1.7
    Serving Level 4 Access Points

    SSID: STAFF ---->VLAN 104 Subnet: 10.50.4.0  255.255.254.0

                Guest ---->VLAN 704 Subnet: 10.100.4.0  255.255.254.0


    After setting up all AP groups and SSIDs with different VLANs and subnets, I tested the Wi-Fi on Level 1; all is good and internet is okay. Then I walked to Level 2 and noticed that I can't do anything even though I am connected to Wi-Fi. I suspected it has something to do with L3 roaming. I went through the user guide and came across mobility domain, so I set up a mobility domain with the help of the user guide. So far it is working, and I can roam from level to level. However, when I roam to another level I can't ping the virtual IP, which is 10.10.1.1, but I can ping the actual IPs of the controllers. For me this is fine as long as I can reach the actual IP of the Master. My question is: am I taking the right approach to L3 roaming by using a Mobility Domain, or is there a better and simpler way of doing it?

     

    My controllers are Aruba 7210 (Master, Standby) and Aruba 7220 (Locals), version 6.2.0. APs are 135.


    #AP135
    #AP103
    #7210
    #7220
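
Added example, not part of the original posts: the addressing plan from the first post modelled with Python's `ipaddress` module, showing why a client that keeps its Level 1 address is off-subnet on Level 2 (the symptom seen before the mobility domain was configured). It goes one step beyond the thread by also checking the stated subnets for misalignment and overlap; the sample client address 10.50.0.25 and the function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Addressing plan copied from the post: (controller, SSID, VLAN, network, mask)
PLAN = [
    ("Local 1", "STAFF", 101, "10.50.0.0", "255.255.254.0"),
    ("Local 1", "Guest", 701, "10.100.0.0", "255.255.254.0"),
    ("Local 2", "STAFF", 102, "10.50.2.0", "255.255.254.0"),
    ("Local 2", "Guest", 702, "10.100.2.0", "255.255.254.0"),
    ("Local 3", "STAFF", 103, "10.50.3.0", "255.255.254.0"),
    ("Local 3", "Guest", 703, "10.100.3.0", "255.255.254.0"),
    ("Local 4", "STAFF", 104, "10.50.4.0", "255.255.254.0"),
    ("Local 4", "Guest", 704, "10.100.4.0", "255.255.254.0"),
]


def network(addr, mask):
    # strict=False accepts an address with host bits set and rounds it down
    # to the real network boundary instead of raising ValueError.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def needs_l3_mobility(client_ip, ssid, to_controller):
    """True if the client's current address is not valid on the VLAN that
    to_controller uses for this SSID, i.e. the roam crosses a subnet."""
    ip = ipaddress.ip_address(client_ip)
    for ctrl, name, _vlan, addr, mask in PLAN:
        if ctrl == to_controller and name == ssid:
            return ip not in network(addr, mask)
    raise LookupError(f"{ssid} is not served by {to_controller}")


def plan_problems():
    """Return (VLANs whose stated network is not on its mask boundary,
    pairs of VLANs whose address ranges overlap)."""
    misaligned = [vlan for _, _, vlan, addr, mask in PLAN
                  if str(network(addr, mask).network_address) != addr]
    overlaps = [(a[2], b[2]) for a, b in combinations(PLAN, 2)
                if network(a[3], a[4]).overlaps(network(b[3], b[4]))]
    return misaligned, overlaps


if __name__ == "__main__":
    # Constructed client: a STAFF device that got its address on Level 1.
    print("L1 -> L2 crosses subnets:",
          needs_l3_mobility("10.50.0.25", "STAFF", "Local 2"))
    print("misaligned VLANs, overlapping pairs:", plan_problems())
```

With the plan exactly as posted, `plan_problems()` reports VLANs 103 and 703 as not aligned to the 255.255.254.0 mask and as covering the same ranges as VLANs 102 and 702 respectively.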


  • 2.  RE: Layer 3 Roaming

    EMPLOYEE
    Posted Jun 04, 2013 12:32 PM

    So,

     

    I just want to make sure I am being helpful:

     

    I see that you have 4 levels:  Are they in the same building?  If so, how many access points are on each level on average?  Do you have a different controller terminating access points on each level?

     

     



  • 3.  RE: Layer 3 Roaming

    Posted Jun 04, 2013 12:50 PM

    Hi cjoseph, thanks for the reply. They are in the same building. Actually the setup above is simplified, and each level has a different number of APs; some levels have 30 APs, some have 90 APs and so forth. I have a total of 350 APs.

     

    Yes, I do have a controller terminating APs on each level, and in addition I configured LMS IP and BLMS IP on each AP group. So if L1 goes down, APs will go to L2; if L3 goes down, APs will go to L4. So I'm thinking that if one controller goes down, it will affect my roaming for that level.



  • 4.  RE: Layer 3 Roaming

    EMPLOYEE
    Posted Jun 04, 2013 01:01 PM

    Thank you for that explanation.

     

    You can absolutely have the configuration that you mention with mobility groups, etc.

     

    The reason you would not want to do it is that it could create issues with your troubleshooting, in terms of which clients roam to which access points on which controller.  If you are having a problem in a specific area, you would have to start debugging for clients in that area on 3 controllers instead of one, and correlate all the information.  This is because RF is 3-dimensional and any access point which is above, under or on the same level as the client is fair game for association.

     

    What you might want to do, since you have controllers that could satisfy it, is potentially put all of your access points on one controller (7000 series) and back them up either via LMS-ip or VRRP on a second (7000 series) controller.  Bridge all of the user traffic to the same VLANs on both controllers.  If one controller goes down, all access points end up on the second controller and will bridge user traffic to the same VLANs.

     

    That way, things are more consistent in that you know (1) what controller those access points need to be on during regular operation (2) what controller your clients need to be on during regular operation (3) only need to go to a single controller at a time for statistics/debugging, etc during normal operation.  In addition, polling via Airwave or other packages will miss statistics when clients roam between controllers, possibly hiding client, application or RF issues, if you use multiple controllers in that situation.

     

    I am oversimplifying here, without complete knowledge of your infrastructure, redundancy and security requirements....  Please let me know if I am off base...



  • 5.  RE: Layer 3 Roaming

    Posted Jun 04, 2013 01:58 PM

    Actually, what you said above is how I wish they had designed it: simple and easy to troubleshoot. But because of their requirements, I have to configure it this way. I guess I will have to live with the complexity of troubleshooting.

     

    Another thing is that right now the STAFF SSID uses WPA2-PSK authentication, but later on I will be implementing CPPM for them and changing authentication to 802.1X. Since it is layer 3 roaming, are there gonna be issues with authentication if a client roams to another level?



  • 6.  RE: Layer 3 Roaming

    EMPLOYEE
    Posted Jun 04, 2013 02:02 PM

    @imus_rl wrote:

    Actually, what you said above is how I wish they had designed it: simple and easy to troubleshoot. But because of their requirements, I have to configure it this way. I guess I will have to live with the complexity of troubleshooting.

     

    Another thing is that right now the STAFF SSID uses WPA2-PSK authentication, but later on I will be implementing CPPM for them and changing authentication to 802.1X. Since it is layer 3 roaming, are there gonna be issues with authentication if a client roams to another level?


    imus_rl,

     

    Very interested in what their requirements are so that we can be aware of such deployments.

     

    In general there are not going to be issues with layer 3 roaming and 802.1X.  In practice, it will again make things more difficult to troubleshoot.



  • 7.  RE: Layer 3 Roaming

    Posted Oct 06, 2016 09:29 AM

    Hi Folks,

    What is the role of the Standby controller in the above deployment? The details are below:

    Controller 1 - Master        10.10.1.2
    Controller 2 - Standby      10.10.1.3
                                         VIP: 10.10.1.1

    How can we achieve redundancy? In the above L3 roaming deployment, if any of the Local controllers goes down, then will the APs associated with that Local controller be mapped to the Standby controller or to any other Local controller?

     

    Also, please explain: if I am not using any Standby controller with my master (Controller 1 - Master: 10.10.1.2) and my Master controller goes down, then will any of the Local controllers take charge as master? Please explain how it behaves.

     



  • 8.  RE: Layer 3 Roaming

    EMPLOYEE
    Posted Oct 06, 2016 11:05 AM


    The standby controller does nothing unless the master is unavailable. If access points are connected to the VIP between the master and the standby, and the master goes down, the standby controller will begin servicing the access points and the users on those access points.

    If you do not have a standby master, you need to configure a backup LMS up in your ap system profile for your access points to fail over to.


  • 9.  RE: Layer 3 Roaming

    Posted Oct 10, 2016 09:43 AM

    Hi cjoseph,

    Thanks for your reply…

    But a few things are still not clear; please look into the points below and help me…

    1. I have four Mobility controllers, one configured as Master controller and three as Local controllers to serve APs in different LAN segments. There is no backup/standby controller for the master.
    2. If my Master controller goes down, then how do they behave? Will any of the Local controllers take charge as Master or not? Or does the entire WLAN go down?
    3. If any of the Local controllers goes down, then how does it behave? Who will take charge and serve the APs associated with that controller? How will L3 roaming perform in case of a Local controller failure?
    4. If a Local controller takes charge in case of another Local controller's failure, then who decides which controller takes charge and serves the APs? What is the election process?
    5. What configuration is required to achieve redundancy?
    6. Please refer to the attached logical diagram for reference and please share your expert advice on the same...

    Also, please share links to Aruba training videos and docs if possible… Thanks in advance…