Wireless Access

I have gotten myself very confused. I have read many posts and manuals and the more I read the more confused I get. We just switched to an Aruab Wireless network. We were supposed to get two controllers, but one was backorderd. So I set up around 240 AP on one 7210 controller (we will still be adding a quite a few more AP) and had them for the most part working the way I needed. We recently received a second controller 7205. I set it up as a local controller and pointed it back to our master controller. I have read in circles about vrrp and ha, but I seem to keep getting a little confused. My assumption is HA would work well for me with an active active setup. Spread the ap on the two different controllers. Probably turn on centralized licensing seeing as how both controllers came with licenses. I got the two controllers to see each other. I then took one of my ap groups that only had one ap in it and used the ap system profile to assign an lms ip to the local controller and then the master ip for the backup. I thought at worse I only mess up one access point. Shortly after making this change, I lost every AP. They all went down. I had to reboot all of them to get them back. I also cleared the ip addresses from lms on the one group as I was rebooting the APs. They all came back and were up and running, however the one AP that I was testing with seems to keep going id(inactive/dirty). A reboot will open it back up again, but I can't seem to figure out why it keeps going out after about 40 minutes. I no longer have lms addresses and I re-provisionsed it. After I figure that out I still need to figure out how to properly get these to switch over to a local controller without taking out my entire network.

If anyone has any good advice it would be much appreciated.

First things first:

Do you really want the second controller to be redundant to the first controller or you just want to add capacity?  Are both controllers in the same physical location?

Not the same physical location. They are on the same lan though with differnet vlans. We have about 8 buildings to cover. The solution was sold to us with two contolers but little explanation. We will eventually have about 440 access points. I assumed if I split the access points between contollers it would help with traffic flow.

Okay. NOT redundancy, just to add capacity.

In that case, you don't need a VRRP.

For the APs that will be on the primary controller, the ap-group has an ap system profile, which has an lms-ip which should point to the controller your want the APs to be on.  In summary:

ap-group

  ap system profile

    lms-ip

At minimum, you will have two ap-groups.  One ap group will have an AP system profile which will have an LMS-ip which will point to the first controller.  The second ap group will have an AP system profile which will have an LMS-ip which points to the second controller.  You will just provision APs to the ap-group which has the LMS-IP of the controller that you want them to be on.

I thought with High Availibilty and both controllers active (duel mode) I would accomplish added capacity but also redundancy in case of emergency. Would that need VRRP as well for that?

In terms of just splitting them, what you described is exactly what I attempted to do however it took every ap offline. I thought that was pretty odd because there was only one ap in the group that I pointed to a new lms address. 

As I said before, a reboot of every ap brought them back, but the one ap that I tried changing, I changed back, but it only works for about 20 to 40 minutes and then goes dirty/inactive.

It is challenging to provide redundancy when two controllers are not at the same physical site.  Your priority should be to get the expanded capacity working FIRST and then possibly design redundancy in second.

Did you "point" APs at controllers using the AP Installation process?  If yes, you should not do that.  You should let dns or dhcp discovery point an AP at a controller and then the LMS-IP in the AP System profile in the AP group will redirect them to the correct controller.  Putting in an ip address in the AP Installation dialog will considerably restrict your flexibility.

Redundancy is fine, but if designed improperly, you will have no idea where your access points should or should not be.  It looks like that is what you are going through right now.  The Aruba platform is powerful, but there are no fences that keep you from making critical mistakes that affect your availability.

To be clear, your master discovery settings under AP Installation should look like below.  It should not have an ip address:

What should happen is that APs should boot up, try to resolve aruba-master.<domain>.com and that "a-record" should point to  the ip address your master.  The AP will be able to find your master controller using this.  By default, out the box, that is how all APs should work and that is what ...you should use for deployment.  You should not put anything in the master controller ip address, because if you ever decide to change the master controller ip address, you will have to manually change all of your APs using this dialog box individually

That is how my master discovery is set. So far all AP's have successfully joined the master using the dns record. I have the AP's split into groups for each building we have. I have one building with only a single ap. That's the group I am using for testing. I am hoping if I get that to work to split certain buildings off to the local controller. I just am not sure why every ap in my system went down when I only changed the one group with one AP in it. It makes testing changes hard when the entire system is going to crash.

It is possible that you need to create another separate AP system profile and apply it to the new ap-group.  If you edit the AP system profile that is tied to all of your other APs, they will go wherever you configure.

You should go to configuration> wireless> AP configuration, where you can configure your ap-group exactly how the configuration is applied.  Do not go to Configuration> Advanced> All Profiles, which is just a list and does not show you the relation between your profiles.

I think I see what you are saying. I will look into that. 

Thank you.

I still need to change a few things and attempt again to move an ap over to the other controller, You have helped some already though. I was changing the default system profile for all of my AP's when I thought I was just changing settings for my one group. 

Seperately my one AP that kept going dirty/inactive I reset and then re-provisionsed and that seems to have cleared up that issue.

I will be attempting again soon to move an AP over and hopefully will get better results.