Wireless Access

I understand that access points use the following methods for master controller discovery:

 

• DNS
• DHCP Option 43
• ADP (Layer 2)

What I am unable to find information on is how an access point moves from knowing the IP address of a master controller to being connected to a local controller using a GRE tunnel.

 

Does the access point make contact with the master controller, which then instructs it to make the GRE tunnel to the local controller?   If so, is there any documentation on how process is completed?

 

I have a situation with a local controller on one side of the world and the master controller being on the other side of the world.   What I can't have is an access point being installed on one side of the world and it not being functional until twelve hours later when an engineer on the other side of the world gets to work.

 

Any information you have on this would be greatly appreciated.

 

 

 

Kind Regards,

 

 

Crowdie 

 

The dhcp option at the local site can be used to override the DNS entry locally and point that access point to its local controller. Alternatively , if an access point is on the same sub net as a controller , it will discover that local controller first, overriding all of the other methods.

Thanks for the information.

 

So what you are saying is the order of controller discovery is actually:

 

1. ADP (Layer 2)
2. DHCP Option 43
3. DNS

The local access points will be in the same VLAN as the local controller so should discover the local controller via ADP.

 

The access points will be placed in a unique AP group to seperate them from the overseas access points.   Can I completely provision them locally or is some configuration required on the master controller?

 

 

 

Kind Regards,

 

 

Crowdie

Let me tell you a story about how people deploy, instead:

 

Most people put in a dns entry of "aruba-master", because when access points are new, they will get a dhcp address, and dhcp suffix.  They will send "aruba-master.<dhcp suffix>" to the DNS server that the AP receives and try to resolve that to find the controller.  It is a very easy way for APs to find the controller, no matter where they are located.

 

When APs contact the controller, it sends its AP-name and AP-group to the controller.  In the AP-group configuration on the controller there is a profile called the "AP system profile" which can have an LMS as well as a Backup LMS ip.  So when an AP contacts a controller using any method and sends its information, the controller will send back an LMS-IP and Backup LMS-ip if configured.  If there is NO lms-ip or backup lms-ip configured, the AP will just stay on the first controller it finds.  If there is an LMS-ip, the AP will be redirected to that controller after finding the initial controller.  If there is also a backup lms-ip configured, the AP will fail over to the backup lms-ip, if contact is lost with the lms-ip controller.

 

When WLANs get larger, you get more controllers and you do not want APs to go to another country to find their local controller; you want them to find the local controller first.  In that case, you put the DHCP option 43 and 60 into the DHCP scope that provides an ip address to the AP, so that you can make exceptions to the dns discovery for each local subnet.  The DHCP options will override the DNS.

 

Last but not least, the local broadcast will override both, but it is pretty much only used when you have a single controller and your APs are in a single subnet that the controller already has an ip address in.

 

To make a long story short, most people start out with DNS.  They then apply DHCP options if they need APs to find a local controller first.

 

You can also provsion APs, either using a console cable, or in the Configuration> Wireless> AP installation screen to hardcode their local controller so that there is no discovery process.  Even when you hardocde the ip address for the APs master in this fashion, the AP can still be redirected if there is an entry in the AP system profile for LMS-IP or Backup LMS-ip.

 

If you are having problems please also see the discovery troubleshooting video in the knowledgebase here (login required):  http://community.arubanetworks.com/t5/Community-Knowledge-Base/Aruba-Controller-and-AP-Troubleshooting-Part-1/ta-p/18988

 

 

Coming from a Cisco background I have the DNS and DHCP Option 43 discovery options OK but the master/local controller concept is new as all Cisco controllers are standalone.

 

From the "Implementing Aruba WLAN" guide I have the controller functions as:

 

Master

• All profile configurations
• ARM
• IDS

 

Local

• AP termination (GRE tunnels)
• User traffic
• Firewall rules
• VLAN tagging

 

We are adding a local controller to an existing multinational wireless network with master controllers in Europe and local controllers around the world.  However, we want to be able to configure all parts of the local WLAN without the intervention of Europe (as do the Europeans) but with a master/local configuration this does not appear possible.  Can we configure profiles on a local controller?

 

BTW Thanks for all your help so far.   As this is my first Aruba local/master deployment I am just trying to get my head around it.

 

 

 

Kind Regards,

 

 

Crowdie

 

you could make the new controller a master, and do the local configuration there. This is especially important if the new location has a different set of administrators who might be changing the configuration or upgrading new controller.

If you want the new controller to get the configuration of the existing one, make it a local to that master. After it reboots, change the new controller back to a master and reboot. You will of course have to fix the local configuration to make sure they make sense where the new controller is deployed.

That is what I was thinking.

 

Is it possible to:

 

• Configure the controller as local
• Create a new AP group for the local APs on the local controller
• Create profiles on the local controller for the newly created AP group

 

What I am trying to work out is whether local controllers are almost solely for reducing the load on master controllers in large distributed WLANs with the vast majority of configuration done on the master controllers?

 

 

 

Kind Regards,

 

 

Crowdie

 

You can create an ap-group on the master controller. The config gets pushed to the local controller. When the aps on the local controller get provisioned to that special ap group, they will get the configuration when they attach to the local controller.

You cab only configure things like vlans and routing on the local controller. All the rest of the wlan configuration is configured on the master and pushed to the local.

Would we be better to leave the existing master/local WLAN network and configure our controller as a standalone with the Europeans having visability via AirWave?   This would enable profile changes to be made here without any intervention from the Europeans but they would still have visability.

 

If they wanted to directly access the standalone controller to make changes they could do so across a WAN link.

 

 

 

Kind Regards,

 

 

Crowdie

Yes.

I am looking at the "Aruba Implementing WLAN" guide and on page 4-9 it lists the controller discovery order as:

 

1. Static (set master-controller and set ip-address)
2. DHCP Option 43
3. ADP
4. DNS

 

 Are you able to confirm the controller discovery order?   I would prefer to use ADP but may have to use DHCP Option 43 if it occurs before ADP.

 

 

 

Kind Regards,

 

 

Crowdie

 

ADP only means the AP finds the controller on the same subnet.   If your APs at that new site will be on the same subnet as the new controller you are set.  

 

The only issue with that is if the controller is rebooting and the APs are rebooting at the same time, they will not find the local controller because it cannot answer, and instead  they will find the master controller via DNS.  I would go with the DHCP option so that those APs are always pointing at the correct controller.