1-1 Aruba OS 8.x 双控制器冗余架构-Standalone

时间:2024-03-31 21:22:05

AOS 8.x 双控制器冗余架构-Standalone

Aruba无线控制器8.x标准架构由于需要部署Master Mobility,需要增加mm license,增加了成本;或者目前已部署两台AC 6.x版本需要升级,所以会使用standalone模式来实现冗余架构;

Master Mobility架构:
1-1 Aruba OS 8.x 双控制器冗余架构-Standalone 2020
Standalone架构:
1-1 Aruba OS 8.x 双控制器冗余架构-Standalone 2020
1-1 Aruba OS 8.x 双控制器冗余架构-Standalone 2020
注意事项:
• APs can only terminate on the active standalone controller.
• Master redundancy is configured between the two standalone controllers. So, AP failover will not be sub-second since the failover depends on VRRP latency.

8.x: Active standalone and standby standalone controllers

  1. Upgrade the image on the active master to 8.x and reboot the controller.
  2. Provision the active master as an 8.x standalone controller via the CLI setup dialog. The master will now become an 8.x standalone controller.
  3. Repeat steps to convert the standby master into an 8.x standalone controller.
  4. Configure licensing on desired master
  5. Configure master redundancy between the two standalone controllers. As a result of the VRRP configuration, a VIP will be created between MC1 and MC2. Going forward, config management should be done using the VIP.
  6. Under /mm, create an AP group and SSID.
  7. Whitelist your APs on MM by mapping them to the AP group.
  8. On the network, change ‘aruba-master’ to point to the standalone VIP.
  9. The APs will then find the VIP (i.e. active standalone controller), upgrade their images, terminate their tunnels on the VIP and broadcast the configured SSID.
  10. Connect a wireless client to the SSID and test connectivity.
  11. Optionally, test client failover by disconnecting the active standalone controller.

1-1 Aruba OS 8.x 双控制器冗余架构-Standalone 2020

Aruba7005-1配置

hostname “Aruba7005-1”
vlan 20
!
interface gigabitethernet 0/0/0
trusted
trusted vlan 1-4094
switchport mode trunk
switchport trunk allowed vlan 20
!
interface vlan 20
ip address 10.1.20.2 255.255.255.0
!
//加粗部分在 /mm 节点下配置,其余在/mm/mynode
database synchronize period 20
database synchronize captive-portal-custom
!
ha group-profile “mygroup”
state-sync
pre-shared-key aruba123
controller 10.1.20.2 role dual
controller 10.1.20.3 role dual
!
ha group-membership "mygroup"
!
master-redundancy
master-vrrp 20
peer-ip-address 10.1.20.3 ipsec aruba123
!
vrrp 20
priority 110
authentication aruba123
ip address 10.1.20.4
description “Controller-VRRP”
vlan 20
preempt delay 0
tracking master-up-time 30 add 20
no shutdown
!
//以下在 /mm 节点下配置
ap system-profile ap-system-profile-name
lms-ip 10.1.20.2
bkup-lms-ip 10.1.20.3
!
ap-group
ap-system-profile ap-system-profile-name

Aruba7005-2配置

hostname “Aruba7005-2”
vlan 20
!
interface gigabitethernet 0/0/0
trusted
trusted vlan 1-4094
switchport mode trunk
switchport trunk allowed vlan 20
!
interface vlan 20
ip address 10.1.20.3 255.255.255.0
!
//加粗部分在 /mm 节点下配置
database synchronize period 20
database synchronize captive-portal-custom
!
ha group-profile “mygroup”
state-sync
pre-shared-key aruba123
controller 10.1.20.2 role dual
controller 10.1.20.3 role dual
!
ha group-membership "mygroup"
!
master-redundancy
master-vrrp 20
peer-ip-address 10.1.20.2 ipsec aruba123
!
vrrp 20
priority 100
authentication aruba123
ip address 10.1.20.4
description “Controller-VRRP”
vlan 20
preempt delay 0
tracking master-up-time 30 add 20
no shutdown
!
// 以下在 /mm 节点下配置
ap system-profile <ap-system-profile-name
lms-ip 10.1.20.2
bkup-lms-ip 10.1.20.3
!
ap-group
ap-system-profile <ap-system-profile-name

查看配置

(Aruba7005-1) [mynode] #show vrrp
Virtual Router 20:
Description Controller-VRRP
Admin State UP, VR State MASTER
IP Address 10.1.20.4, MAC Address 00:00:5e:00:01:14, vlan 20
Priority 110, Advertisement 1 sec, Preemption Enable Delay 0
Auth type PASSWORD, Auth data: ********
tracking type is master-up-time, duration 30 minutes, value 20
tracked priority 130

(Aruba7005-1) [mynode] #show master-redundancy
Master redundancy configuration:
VRRP Id 20 current state is MASTER
Peer’s IP Address is 10.1.20.3
Peer’s IPSEC Key is ********

1-1 Aruba OS 8.x 双控制器冗余架构-Standalone 2020
(Aruba7005-1) [mynode] #show database synchronize
Last L2 synchronization time: Wed Jan 3 13:23:32 2018
Last L3 synchronization time: Secondary not synchronized since last reboot
To Master Switch at 10.1.20.3: succeeded
To Secondary Master Switch at unknown IP address: succeeded
WMS Database backup file size: 37190 bytes
Local User Database backup file size: 38341 bytes
Global AP Database backup file size: 12946 bytes
IAP Database backup file size: 3751 bytes
Airgroup Database backup file size: 3055 bytes
License Database backup file size: 5600 bytes
CPSec Database backup file size: 3248 bytes
Bocmgr Database backup file size: 6017 bytes
Total size of Captive Portal Custom data: 0 bytes, 0 files
Total size of Captive Portal Custom data last synced: 0 bytes, 0 files
L2 Synchronization took 21 second
L3 Synchronization took less than one second
10 L2 synchronization attempted
0 L2 synchronization have failed
0 L3 synchronization attempted
0 L3 synchronization have failed
L2 Periodic synchronization is enabled and runs every 10 minutes
L3 Periodic synchronization is disabled
Synchronization includes Captive Portal Custom data

(Aruba7005-1) [mynode] #show ha ap table
HA AP Table
-----------
AP IP-Address MAC-Address AP-flags HA-flags

AP310-1 10.1.30.10 70:3a:0e:c0:b8:06 LU
Total Num APs::1
Active APs::1
Standby APs::0
AP Flags: R=RAP; S=Standby; s=Bridge Split VAP L=Licensed; M=Mesh, U=Up
HA Flags: S=Standby, C=Standby connected, L=LMS, F=Sent Failover Request to AP, H=AP flaged for Inter Controller Heartbeat

(Aruba7005-1) [mynode] #show ap database
AP Database
-----------
Name Group AP Type IP Address Status Flags Switch IP Standby IP

AP310-1 default 315 10.1.30.10 Up 1h:12m:8s 2 10.1.20.2 10.1.20.3
Flags: U = Unprovisioned; N = Duplicate name; G = No such group; L = Unlicensed
I = Inactive; D = Dirty or no config; E = Regulatory Domain Mismatch
X = Maintenance Mode; P = PPPoE AP; B = Built-in AP; s = LACP striping

(Aruba7005-1) [mynode] #show ap debug system-status ip-addr 10.1.30.10 | begin “Controller Information”
Controller Information
----------------------
Item Value

Primary LMS 10.1.20.2
Backup LMS 10.1.20.3
HA Standby 10.1.20.3
Using Primary
LMS Preemption Disabled
Hold-down period 600
HA Preemption Disabled
Running Hold-down time for HA No
VRRP No
AP to Active Controller Message Information
-------------------------------------------
Item Value

AP state REGISTERED
AP next message ID (10.1.30.10,00000067,19)
Controller next message ID (10.1.20.2,5a4cbaa7,11)
AP to HA_MGR next message ID (10.1.30.10,00000067,1)
Controller HA_MGR next message ID (10.1.20.2,5a4cbaa7,1)
AP to Standby Controller Message Information
--------------------------------------------
Item Value

AP state REGISTERED
AP next message ID (10.1.30.10,024cbab6,2)
Controller next message ID (10.1.20.3,5a4cbab6,0)
AP to HA_MGR next message ID (10.1.30.10,024cbab6,0)
Controller HA_MGR next message ID (0.0.0.0,00000000,0)
Master discovered by:DHCP