Wireless Access

Hello, here is my first question for the forum.

We have a pair of shiny new 7210 controllers, and I am going through the configurations for the first time.

My history is that I am an  Enterasys man, so these Aruba controllers are new to me, too.

I am having some good successes configuring so far.  I have them both connecting with trunked uplink ports, and the VRRP instances I created for active/active operations are behaving as they should.

I think I have the master redundancy configured, but am not sure about the standby master controller role.

When I did the initial configs, I set one controller role to master, and the second controller role to local.  Now I get to my first qestion:

Should I change the role of my local controller to master instead of local as well?

My second question has to do with the WebUI config for Master Redundancy.  I chose to use IPSec, which asks to enter a password, of course.  Where on the other controller do I configure that IPsec password for the master redundancy feature to work?

Thanks,

Jess

The answer to your last question is "Yes".

To configure master redundancy:

- Configure a vrrp between two controllers on their management vlan.

- First Make sure that the controller with the configuration that you desire has the higher priority and is  the "master" of the vrrp (show vrrp).  This is important, because whoever has control of the VRRP when you configure master redundancy propagates his configuration to the opposite controller.  If you configure the VRRP wrong, a controller with very little configuration who has control of the VRRP when you configure master redundancy will overwrite the other controller's configuration.

- When you are sure the controller with the desired config is the master of the VRRP, first configure master redundancy on that side.  Master redundancy will ask you what VRRP do you want to tie the master redundancy to.  This is important because the status of that VRRP decides what configuration will be used between both controllers.

- Configure master redundancy on the other side.  That side should have the role of "backup" on the VRRP

- When you have both sides configured, when you type "show switches" from the "Master" side, it should show the other side as standby, and that is how you know you are successful...

Gotchas:

- You cannot terminate any access points on the backup master.  You would point the LMS-IP of the ap group at the VRRP address and whoever has control of the VRRP (the master) would terminate and service the access points.

- If any access points point to the backup master, no traffic will be passed

- If the backup master is running a DHCP server, it will still give out ip addresses.

Thanks, Colin.  That was very helpful.  I am now getting beat up with IP interfaces and uplink prioirities...

Jess

Hi All,

I am facing an issue that the standby controller is changing as master automatically without any failover. 

Controller:7210

OS: ArubaOS_72xx_6.4.4.8_55228

Anybody can help to solve this issue?

Reg,

Shamz

You should open a TAC case.  Troubleshooting what you describe could be complicated and would be difficult to handle on this forum.

Hi, It is an old thread, but I could not find an answer anywhere else. I am having the same set up, but failover to the backup-master takes abbout 1 minute. Is that normal and is there a way to speed it up?

I see that it takes about 30sec for the backup to become a master and the APs to fail over and about another 30 sec for the AP to start passing client traffic.

what does your VRRP config and master redundancy config look like?

Here it is

master-redundancy
  master-vrrp 11
  peer-ip-address 10.0.0.6 ipsec *************
!
vrrp 11
  ip address 10.0.0.11
  vlan 30
  preempt delay 15
  no shutdown
!


####################


master-redundancy
  master-vrrp 11
  peer-ip-address 10.0.0.5 ipsec ***********
!
vrrp 11
  priority 50
  ip address 10.0.0.11
  vlan 30
  preempt delay 15
  no shutdown
!