Wireless Access

Hi all,

 

I am looking for the possible methods of redundancy for RAPs - I know in a master/standy scenario, you would NAT the public IP to the VIP and the VIP would handle the failover scenario with it's virtual IP and MAC. If two controllers are not within the same L2 network, meaning we can't setup VRRP, is LMS/Backup LMS a viable option? Obviously we would need (2) public IPs instead of (1) and the RAP would require a reboot, but in a DR scenario, is that a possible option? I've always used VRRP for this, but I understand it's limitations.

 

I looked through the RAP VRD as well, and it seems like best practice is VRRP in a Master/Standby setup.

 

Thanks!

2 public IPs.  The VRRP implementation in ArubaOS does not work with RAP. EDIT:  IF the VRRP is behind a NAT boundary (e.g. static nat to private VRRP does not work).

 

Setup a DNS a-record

Populate that A-record with both ip addresses

Have your DNS server deliver the ip address as round-robin or both addresses at one time to the a-record that RAP points to.

Is the VRD for the RAP outdated then, because it has VRRP as the method for Master/Standby.

If we setup the A record with two IPs, and use one of those methods, the RAP would resolve only 1 address though correct at a time? So if the controller went down, the RAP would also go down?

Can we just use the old method of LMS/Backup LMS or use something like a Netscaler to distribute a single public address and swing over if primary controller is down?

If you setup DNS a-record with two addresses, what happens next depends on the DNS server configuration:

- DNS round robin will deliver one ip address and then the other

- An alternate DNS setup will deliver both addresses

 

If the DNS server is only serving up one address at a time (round robin), that is all that the RAP will try.  If it finds a controller at that address, you can deliver a second address via backup LMS-IP, which it will use as backup.  If it does not find a controller at that address, it should reboot, where the DNS server should supply the second address.  If the DNS server is sending out two ip addresses, the RAP will try the first address, and if it does not exist, it will try the next address.  LMS-IP and backup LMS can be delivered to the RAP in any scenario where it finds a controller.

 

LMS and Backup LMS can only be delivered if the RAP finds a controller after cold boot in the first place.  DNS supplying alternate addresses or I guess a Netscaler would provide redundancy upon cold boot for the initial ip address.

Interesting question brought up - can you add (2) provisioning rules in Activate for IAP to RAP in a folder for redundancy? Would it accept both rules and try the first, then the second if the first fails? How would it handle that?

At this time, you can only put one.