Aruba Networks Version 3.3 manual Mobility Controller High Availability


The Master is responsible for processing wireless intrusion detection system events, presenting the event and the corresponding wireless vulnerability and exploit (WVE) identifier. The Master is also responsible for handling location services correlation algorithms that compute the position of clients as well as rogue APs using signal strength measurements from APs in the network. All heat maps and location events will be handled through the Master Controller’s web interface without needing an additional location appliance. This is the strategy depicted in the VRD model, and is the recommended model when two or more controllers exist in the same network.

 

NOTE: In a large Campus WLAN with separate Management and Aggregation layers, Access Points and Air Monitors should never terminate on the Master Controller; they should only terminate on a Local Controller.

If the Master becomes unreachable, the network will continue to operate as expected, but without the ability to perform operations such as configuration, heat map analysis or location services, until connection to the Master Controller is restored.

NOTE: While the Master Controller is needed to perform configuration and reporting, it is not a single point of failure in the network.

Local Controllers reside at the Aggregation layer of the Aruba Overlay Architecture. They handle AP termination, user authentication, and policy enforcement. When configuring any Local Controller, you will need to know the IP address of the Master as well as the Pre-Shared Key used to encrypt communication between the controllers. If the Master becomes unavailable and no standby Master has been configured, the wireless network will continue to operate, but some management functionality will be unavailable until the connection is re-established.

The control channel between all Mobility Controllers is protected by an IPSec connection. This applies to both a data plane contained within the Local Controller, and a distributed control plane with some components on the Local and some on the Master Controller.

NOTE: The controllers have a pre-configured key at first boot; this key must be changed for secure operation of the Master/Local cluster.

Mobility Controller High Availability

As Wi-Fi® networks move beyond conference rooms and become the primary network connection for users, the system must be robust enough to continue operation in the event of any network component failure. The Aruba system offers multiple configuration options to ensure that the system operates in a highly available manner.

There are two different redundancies that must be considered: network management redundancy and network operations redundancy. Management redundancy is achieved by having redundant Master Controllers in the network at the Control layer; and operationally, by having two Local Controllers working together to share a load at the Aggregation layer, with each Local Controller acting as a backup for the other.

Mobility Controller and Access Point Deployment | Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide
