Wireless Access

last person joined: 12 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

choosing right HA design

This thread has been viewed 0 times

  • 1.  choosing right HA design

    Posted May 17, 2014 10:21 AM

    Hello.

    I'm going to set up wireless network with 2 controllers (3400) and 30 APs and I'm wondering which HA design I should choose.

    There will be 3 SSIDs (2 for employees with RADIUS authentication and 1 for guests). Controllers and access points are is the same subnet. The most important is to have nearly no downtime when one controller fails. I also have one license for 32xAP, 32xRF Protect and 32xPEFNG so controllers must share licenses.

    Which solution is better to meet these requirements?

    Which solution gives lower downtime?

    Is it possible to enable both Fast Failover and VRRP?

    Can Centralized Licenses be enabled with these solutions?

     

    Thanks in advance.


    #3400


  • 2.  RE: choosing right HA design

    Posted May 17, 2014 11:24 AM
    Are you planning to serve APs on both controllers ? Or just active / standby setup ?


  • 3.  RE: choosing right HA design

    Posted May 17, 2014 12:35 PM

    Active/active is not necessary. Active/standby will be sufficient.



  • 4.  RE: choosing right HA design

    Posted May 17, 2014 10:21 PM

    Fast failover is what you want if you wanted the fastest transition.  VRRP is effectively the "old school" failover mechanism starting with 6.3 and up.  VRRP is not used when fast failover is configured.

     

    Yes, centralized licensing can be enabled starting with 6.3. 



  • 5.  RE: choosing right HA design

    Posted May 18, 2014 05:53 AM

    I have set up Fast Failover where one controller is active and one is standby. I also have provisioning where all APs are assigned with static IP and master discovery policy is set to Master Controller IP Address with IP address of active controller. Is that configuration good enough to work with Fast Failover?

     

    LMS IP of AP system profile should have IP od active controller? Should I also set backup LMS IP to standby controller?

    Does Fast Failover work with AP bridge mode?

    Is there any command that can verify if APs are connected to both controllers because network summary on active controller displays all 30 APs but standby only 20?

     

    Thanks



  • 6.  RE: choosing right HA design

    Posted May 18, 2014 11:44 AM
    @mate78 wrote:

    I have set up Fast Failover where one controller is active and one is standby. I also have provisioning where all APs are assigned with static IP and master discovery policy is set to Master Controller IP Address with IP address of active controller. Is that configuration good enough to work with Fast Failover?

    The static IP assignment is fine, but DHCP would be preferred.  What do you mean you're "discovery policy is set to master controller IP address with IP address of active controller"?  Do you have a master and two locals (1 active, the other standby)?  Or are you using your master to terminate APs and function as the active controller?

     

     

    @mate78 wrote:

     

    LMS IP of AP system profile should have IP od active controller? Should I also set backup LMS IP to standby controller?

    Does Fast Failover work with AP bridge mode?

    Is there any command that can verify if APs are connected to both controllers because network summary on active controller displays all 30 APs but standby only 20?

    LMS IP should be that of the active controller.

    Do not set a backup LMS IP.  In the HA profile you will configure your active/standby controllers.

    Fast failover is not compatible with bridge mode.  Only tunnel mode is supported.

     

    Here is a link to the the 6.3 user guide that explains step-by-step how to configure fast failover.



  • 7.  RE: choosing right HA design

    Posted May 18, 2014 12:35 PM

    LMS IP of AP system profile should have IP od active controller? Should I also set backup LMS IP to standby controller?
    You should only need to configure the active (ap system profile) and then in the HA config you list the IP address of the controllers with the roles you are planning to use ( active/ standby , dual )
    Does Fast Failover work with AP bridge mode?
    It only works for APs in tunnel and decrypt mode
    Is there any command that can verify if APs are connected to both controllers because network summary on active controller displays all 30 APs but standby only 20?
    You should a flag of S ( standby mode) if you run the show ap database
    And you can also run the show ap standby



  • 8.  RE: choosing right HA design

    Posted May 18, 2014 02:01 PM

    have seen you mention how you configured your controllers: master / local, master / master, ...?

     

    also fixed IPs for AP and fixed master IP configuration are not the most flexible way to go, why not use DHCP for the IPs and let ADP do its work to find a master. saves a lot of trouble if you ever change something in the future.



  • 9.  RE: choosing right HA design

    Posted May 18, 2014 02:03 PM

    Thanks for information.

    The only thing I'm concerned is I cannot see all APs on standby controller. All APs have the same configuration and belong to the same group. Do you have any idea why several APs cannot connect to standby controller? How can I troubleshoot it?

     

    Also is there any way to synchronize configuration between controllers? I mean when I change something on active controller (add guest user, create another SSID), can it push configuration to the standby?

     

    Thanks



  • 10.  RE: choosing right HA design

    Posted May 18, 2014 02:14 PM

    I agree DHCP would be better solution but customer insisted on static IPs.

     

    I guess I found the reason why several APs cannot connect to standby controller. Event logs display the following information.

     

    2014-05-18	20:00:59	User Authentication failed for user 192.168.5.130 with MAC address 00:00:00:00:00:00
2014-05-18	20:00:59	User Authentication failed for user 192.168.5.130 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:00	User Authentication failed for user 192.168.5.131 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:00	User Authentication failed for user 192.168.5.131 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:00	User Authentication failed for user 192.168.5.133 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:00	User Authentication failed for user 192.168.5.133 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:01	User Authentication failed for user 192.168.5.132 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:01	User Authentication failed for user 192.168.5.132 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:04	User Authentication failed for user 192.168.5.134 with MAC address 00:00:00:00:00:00
2014-05-18	20:01:04	User Authentication failed for user 192.168.5.134 with MAC address 00:00:00:00:00:00

     

    These are IPs of APs which cannot connect. Any idea why is that?



  • 11.  RE: choosing right HA design

    Posted May 18, 2014 05:33 PM

    OK. I added those APs to whitelist and now they are all connected.

    Thanks for help.



  • 12.  RE: choosing right HA design

    Posted May 19, 2014 03:56 AM
    @mate78 wrote:

    Also is there any way to synchronize configuration between controllers? I mean when I change something on active controller (add guest user, create another SSID), can it push configuration to the standby?

     

    that was why i asked about master / master, master / local, .... :)

     

    have a look at the validated reference designs to get an understanding about what is possible here:

    http://www.arubanetworks.com/resources/reference-design-guides/

     

    "Campus Redundancy Models" seems a good one for redundancy information.