Wireless Access

I'm setting up a new Aruba environment on AOS8 and I'm just wanting a second/third/fourth set of eyes to verify that I'm doing it correctly.

 

I have a single MM vm.  I have 2 physical MC's..each in a different data center geographically.  Each MC will be primary for AP's local to it and backup for AP's local to the other MC.

 

I've setup 2 VRRP instances:

vlan1 - primary on MC1 and secondary on MC2 - dnsentry1 - Primary vlan for MC1

vlan2 - primary on MC2 and secondary on MC1 - dnsentry2 - Primary vlan for MC2

I'm setting up separate DNS entries for each VRRP address and the AP's will have a primary VRRP dns entry as their method of controller contact with LMS backup IP address pointing to the controllers IP (in case dns breaks).

 

I have configured the 2 controllers with an HA group and added in each physical controller IP (2 per controller) to the HA group as DUAL role so that they can serve as active and standby for some AP's.

 

I did not configure anything under "Master Redundancy" as I'm not sure if that's only for an active/standby setup?  And I figure the MM will handle sync'ing of local DB accounts, etc.

 

So now my question is clustering.  The controllers are in separate data centers, but I do have a L2 connection between the data centers and I've added both vlans to that trunk.

How does clustering fit into the mix?  I'm a little confused how all the redundant configurations fit together.

 

My thought is that clients connecting to AP1 terminating on MC1 will be on vlan 1.  If MC1 fails and MC2 takes over, then AP1 will be terminating that client on MC2.  Since MC2 has a L2 connection back to the core in the MC1 data center, routing shouldn't be a problem.  Of course latency will probably be an issue.

 

Any help is appreciated.  Thanks!

Quick question : Can those MCs shared the same L2 VLANs ?

Yes, there is a L2 connection between data centers so those vlans are available to both MC's.

In that case you should use the Clustering feature.

The way you are currently setting up is a valid design but you will miss out on some of the new cool Clustering features in AOS8:
https://community.arubanetworks.com/t5/Aruba-Solution-Exchange/Clustering-of-Mobility-Controllers/ta-p/282686

Please follow the instructions here:
https://ase.arubanetworks.com/solutions/id/143

A lot of functionalities (AirMatch , UCC , AirGroup) were moved to the Mobility Master so it is very important to configure a redundant MM .

You can configure a backup Virtual backup MM (don’t need an extra license)

Good to know about the backup MM without a license need.

 

So if I setup clustering, do I still need the HA config?  I guess I'm having trouble understanding whether they work together or if it's one of the other, etc.

Once you configure clustering, HA/FA is no longer needed.

So with clustering, do I only need 1 cluster with the cluster being independent of the vlans used for different SSID's?

 

For example, users in Location1 will be on vlan 1 with that vlan1 being primary on MD1 and users in location2 will be on vlan 2 with that vlan2 being on MD2?  I have a VRRP created for each vlan.  So is best practice to use a 3rd vlan (vlan 3) for controller type access (controller-ip vlan 3) on each MD. Then build the cluster around vlan 3 with vrrp?  

 

Or do I need to build multiple clusters per vlan?  Or is the cluster independent of the various vlans per ssid being used?

 

Sorry for all the questions, just trying to fully wrap my head around this.

Are you working with an Aruba partner?

For this design it is important to understand the different requirements in your environment .

 

Yes and no.  I'm searching on here as this setup is time sensitive and I'm unable to get ahold of our Aruba rep currently.

For example, users in Location1 will be on vlan 1 with that vlan1 being primary on MD1 and users in location2 will be on vlan 2 with that vlan2 being on MD2? I have a VRRP created for each vlan. So is best practice to use a 3rd vlan (vlan 3) for controller type access (controller-ip vlan 3) on each MD.

You dont need VRRP for the user VLANs 

You need VRRP for the following:

- if you are planning on using the AP>Controller dns discovery , create VRRP-IP (Controller Management VLAN) which will be shared between the MCs and then add an entry on your DNS server for aruba-master using this VRRP

- If you are using a RADIUS server and need to execute a change of authorization to devices , you want to make sure that each node within the cluster has its own VRRP-MC-1 and VRRP-MC-2 

 

Then build the cluster around vlan 3 with vrrp? Or do I need to build multiple clusters per vlan? Or is the cluster independent of the various vlans per ssid being used?

- If VLAN 3 is your management VLAN for all nodes , then yes you will need your VRRP using this VLAN

- You are clustering the controllers to load balance APs and Users , the SSID/VLAN configuration is based on how you are grouping/location the APs

 

Please take a look at the link shared previously which goes into detail on how to cluster controllers