Wireless Access

I am building aruba redundancy with two master controllers (VRRP1) and two local controller (VRRP2). The VRRP1 IP and VRRP2 IP are both defined with FQDN. The master is aruba-master.domain.com and local is aruba-local.domain.com. By the way, all APs are configured with static IPs.

1. Put  "aruba-master.domain.com"  into master Discovery field

If two masters both go down, the new APs/rebooting AP will go nowhere.

2. Put  "aruba-local.domain.com"  into master Discovery field

Even both masters go down.  Because the configuration has  be pushed from master to local, all new APs/rebooting AP still are able to working on local no problem.

I checked many design documents. People always say the best practice are put "aruba-master" to Master discovery field. But I am thinking, in my case or ANY redundancy case, putting  "aruba-local.domain.com"  into master Discovery field is the best practice.

Any help to clear this concept would be appreciated.

Michael

Hello!

Normally you would end the tunnel of your APs on your local controllers and you would leave the masters as just the ones that you use to configure.

As this design is too expensive, we also use it to terminate APS., i mean the masters.

If you read the VRDs, you will see that on the examples provided there, the APS always are terminating on the local controllers! not on the masters

Now you can always terminate the APS on the local controllers, and use the Masters active and stand by as backup.

But you need to use the LMS and backup LMS values.

In the box of LMS you will put the IP of the local controller, and on the backup LMS you will put the IP of the Masters VRRP IP addresss.

Now if it happens that both Masters dies, your APS will not notice it but you wont be able to configure any profile until you fix them.

If the Locals dies, then the APS will then fininsh their tunnel on the masters controllers, and the WLAN will keep working.

On your DNS aruba-master value you put the IP of the VRRP ip address of the Master controller

The LMS VALUE will tell the AP where to terminate his tunnel. 

So let say if your VRRP ip address of the masters is 192.168.10.254

And the ip address of your local controller is 192.168.10.253

and you put on the vlaue of aruba-master on your dns server of 192.168.10.254

And on the LMS you put 192.168.10.253 and in the backup LMS you put 192.168.10.254

Then your AP will terminate his tunnel on the 192.168.10.253 because you telling it so in the LMS field...

on the aruba-master yeah you telling it that his master is the 192.168.10.254 but you are telling it where he should terminate hisGRE tunnel on the LMS Value. which is the local controller on our example.

I dont know if that helps you a bit at least to understand better?

You configure the LMS value on the AP group under AP --> AP system, there you will find the LMS fields.

Cheers

Carlos

Hi NightShade1,

Thank you very much for the quick response. I understood what you said no problem. Can you give me an example in which situation we should setup "aruba-master" into Master Discovery field? Of course, there are two controllers (master/local) at least, otherwise there is no choice.

If there is not that situation, maybe "Master Discovery" should be changed to different name in the future release.

Thanks,

Michael

the name 'aruba-master' is what the APs will look for in DNS.

So if you have an entry in your DNS for aruba-master.<domain> set to the ip of your master, the APs will come up on that.  You can then push the APs to a local controller automatically via the lms-ip in the ap-system-profile.

I would not change it from aruba-master, cause that is the default value if you purge or reset APs.

Michael alraedy explained it well!

Cheers

Carlos

Sorry to ask again, but I just want to clarify:

So it's relly right to leave this value set to "aruba-master" even in master/local environments where the APs should terminate on the local? Wouldn't the AP then load its software image from the master controller instead of from the local controller (as the description says)?

Normally I put the IP address of the local controller in both fields in the second line. So what's right now?

oNek,

Leave it exactly the way you have in the picture.  The AP will use DNS or DHCP options to find a controller.  If initially the code on the access point does not match that first controller, it will first upgrade or downgrade to match it, and then reboot.  The access point will then use DNS or dhcp to discover the controller again.  If the AP's code version matches the controller this time,  the access point will present its name and ap-group to that controller, it will tell that AP where to go, if anywhere.

Putting anything besides what you see in your screen capture will override the discovery process and hardcode the access point to a specific controller's ip address.  When the AP finds that controller, based on the AP's ap-group, it can still be sent to a different controller, but on cold reboot, it will always point back to the controller that is specified in the screen capture.  Very few people do this for Campus APs.

I hope that makes sense.