Wireless Access

Frequent Contributor I

Re: Loopback IPs in controller cluster

OK.  I can use the loopback IP as the controller IP, I can route traffic to and from that IP via separate physical interfaces for the two networks, and the APs can use that as their LMS. So far so good.

 

The purpose of the static routing is just to advertise the loopback addresses without running OSPF on the controllers themselves. Within each network the route would be propagated normally as you suggest.

 

The more interesting part will be the clustering configuration. It's scenario 2 in the user guide, so should be fairly straightforward. We'll see.

Guru Elite

Re: Loopback IPs in controller cluster

Why do you need a loopback ip address again?  

 

Let's do this: How many access points and how many controllers do you have?

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Frequent Contributor I

Re: Loopback IPs in controller cluster

2 controllers, approximately 700 APs on each network (1400 total).

 

The 8.6 user guide (pg 51) says the loopback must be configured in a "multiple subnets [...] scenario". It goes on to say that if you don't then the first configured VLAN IP will be used instead. I assume that the logic here is that by configuring a loopback IP explicitly you get to override that automatic selection.

 

As I understand it, an AP always builds its tunnel to the controller IP address, not to a VLAN IP.  So if the controller IP is an interface VLAN IP, then all APs, from both networks, have to have a path to that interface.

 

With correctly configured routing, there's no reason that path couldn't be from a different interface on the same controller, which solves the problem of eliminating the external connection between the campus and residence networks.

Frequent Contributor I

Re: Loopback IPs in controller cluster

I think you mentioned this, but just to make sure:

You are able to use a VLAN-IP as the controller-IP (controller-ip vlan xyz).

From what I understand (and if I'm wrong, someone please correct me), I don't think you'll be able to manually specify the LMS while running a cluster. I believe the master in the cluster is going to override it and spread the APs between members in the cluster based on load-balancing. (I think this thread explains it better)

If you have 2 separate controllers, and use LMS and backup LMS, I think what you are trying to do should work, as long as you set up the controller-ip as needed.


Chris Wickline | Network Engineer | York College of Pennsylvania
Guru Elite

Re: Loopback IPs in controller cluster


@Andrew Bell wrote:

2 controllers, approximately 700 APs on each network (1400 total).

 

The 8.6 user guide (pg 51) says the loopback must be configured in a "multiple subnets [...] scenario". It goes on to say that if you don't then the first configured VLAN IP will be used instead. I assume that the logic here is that by configuring a loopback IP explicitly you get to override that automatic selection.

 

As I understand it, an AP always builds its tunnel to the controller IP address, not to a VLAN IP.  So if the controller IP is an interface VLAN IP, then all APs, from both networks, have to have a path to that interface.

 

With correctly configured routing, there's no reason that path couldn't be from a different interface on the same controller, which solves the problem of eliminating the external connection between the campus and residence networks.


 

"You must configure a loopback address if you are not using a VLAN ID address to connect the managed device to the network" - That is an overstatement. A controller's management ip address is on a VLAN and that VLAN has an ip address. You don't "need" a loopback. In your situation, it would be complicating a rather simple network. If your controller's management ip address is on VLAN 100, you would simply do:

 

config t
interface vlan 100
ip address 192.168.1.20 255.255.255.0
controller-ip vlan 100

 

And you would be done.  No loopback needed.  A controller, even in the most complicated networks, only requires a single ip address on a VLAN.  The client VLANs do not require an ip address if the client's default gateway is the layer 3 switch (router) instead of the controller.

 

A controller needs an ip address for (1) Management and (2) for access points to send their traffic to.  The only other circumstance where a controller would need an ip address is if you have a captive portal network, and you don't want to host that captive portal on the management ip address of the controller.  Please don't get hung up on the loopback interface.  It is not necessary....


Frequent Contributor I

Re: Loopback IPs in controller cluster

Thanks.  Now perhaps we should lock the technical writers in a room with the engineers for a few months...

Guru Elite

Re: Loopback IPs in controller cluster

..and we should add the customers that ACTUALLY read the user guide(s).


Frequent Contributor I

Re: Loopback IPs in controller cluster

To be fair, I do have a lot of time on my hands in quarantine.
