Wireless Access

last person joined: 18 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Reauthentication delay in controller HA setup

This thread has been viewed 0 times

  • 1.  Reauthentication delay in controller HA setup

    Posted Jan 02, 2017 04:25 AM

    Hi,

     

    We have 2 Aruba 7210 controller with AOS 6.5.0.3, AP model = 325 connected with single ethernet cable.

    802.1x SSID for windows client machine.

     

    Configured VRRP with AP fast failover.

     

    The issue is -

    While Master controller goes down and Standby controller takes control of AP, wireless client trying to reauthenticate and that will take 8-10 seconds.

    Due to this long(8-10) reauthentication delay client disconnect from running application.

     

    Could you please help me to fix this issue.

     

    Thanks in advance



  • 2.  RE: Reauthentication delay in controller HA setup

    EMPLOYEE
    Posted Jan 02, 2017 07:05 AM

    Is this a master/local setup or a master/backup master setup?

    Do clients end up on the same layer 2 subnet on both the primary and backup controller?



  • 3.  RE: Reauthentication delay in controller HA setup

    Posted Jan 02, 2017 07:26 AM

    This is Master/Standby setup.

    Yes. clients end up on the same layer 2 subnet on both the primary and backup controller

     



  • 4.  RE: Reauthentication delay in controller HA setup
    Best Answer

    EMPLOYEE
    Posted Jan 02, 2017 07:36 AM

    There are special instructions for using fast failover with a master/backup master.  Those instructions are here:  http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/VRRP/HighAvMigration.htm

    Did you configure using those instructions?

     

    In the end, it is probably easier to just remove the fast failover configuration between the master/backup master and just point the LMS-IP to the VRRP.  Why?  Because in a standard master/local redundancy scenario, both controllers can terminate access points at the same time, so failover can be very quick.  In a master/backup master scenario however, the backup master(standby controller) can only service access points when it has control over the VRRP.  I would first try removing the HA/Fast Failover configuration and just point the LMS-IP address in the ap-group to the VRRP between the master and backup master(standby) controllers and see if you still have the problem.



  • 5.  RE: Reauthentication delay in controller HA setup

    Posted Jan 02, 2017 07:32 PM

    I've been facing the same issue. Basically with that release the AP were not adding the second IPsec tunnel with the standby controller so fast failover didn't work. With the only firmware which seems to work in my case is with 6.5.1.2 which is EA.  There are two bugs fixed on this release which prevent the second tunnel with the standby controller using 7210. I've been using all the time GA versions in my environment and I don't feel really comfortable deploying EA so no idea when those bugs will be included on GA.