Aruba Networks Version 3.3 specification

When one active Local Controller becomes unreachable, APs connected to the unreachable controller fail over to the standby Local Controller loading that controller to 100% capacity. Therefore each controller must have sufficient processing power and licenses to accommodate all of the APs served by the entire cluster. In this model, preemption should be enabled to force the APs to fail back to the original primary when it comes back online.

The configuration for each Local controller is a mirror image of the other. In the example below, the first controller is primary on 23 and standby on 24:

vrrp 23 vlan 23

ip address 10.200.23.254 priority 100

preempt

authentication <password> description initial-primary-23 no shutdown

vrrp 24 vlan 24

ip address 10.200.24.254 priority 110

preempt

authentication <password> description initial-standby-24 no shutdown

The second Local controller has an opposite configuration:

vrrp 24 vlan 24

ip address 10.200.24.254 priority 100

preempt

authentication <password> description initial-primary-24 no shutdown

vrrp 23 vlan 23

ip address 10.200.23.254 priority 110

preempt

authentication <password> description initial-standby-23 no shutdown

Using this scenario it is recommended to use the MMC-6000 chassis with redundant power supplies connected to at least two independent power sources. The recommended controller blade is the Multiservice Module. It is further recommended that these controllers have a “one-armed” connection to distribution layer switches, using Etherchannel to bond the two 10 Gigabit Ethernet connections.

N+1 designs are a common feature of other vendors’ centralized WLAN architectures. This is usually because the maximum number of APs that can be managed by one controller is limited to a few dozen or a few hundred at most, requiring the deployment of many controllers simply to service the

Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide

Mobility Controller and Access Point Deployment 27

Image 27

Aruba Networks Version 3.3 manual Second Local controller has an opposite configuration

Contents

Campus Wireless Networks Validated Reference Design Version Crossman Avenue Sunnyvale, California Phone Fax Contents Chapter RF Planning and Operation Introduction Aruba Reference ArchitecturesReference Documents Contacting Aruba Networks Telephone Support Aruba’s User-Centric Network Architecture Understanding Centralized Wireless LAN Networks Centralized Wlan Model Introducing Aruba’s User-Centric Network ArubaOS ArubaOS and Mobility Controller Mobility Controller Multi-function Thin Access Points Access PointAir Monitor Aruba’s Secure Enterprise Mesh Network Mesh Portal or Mesh Point Remote AP Mobility Management System Mobility Management System Proof-of-Concept Network PoC Network Physical Design Vlan PoC Network Logical and RF Design Proof-of-Concept Network Proof-of-Concept Network Campus Wlan Validated Reference Design Aruba Campus Wlan Physical Architecture Aruba Campus Wlan Logical Architecture Data center ManagementMaster Campus Wlan Validated Reference Design Understanding Master and Local Operation Mobility Controller Access Point Deployment Mobility Controller High Availability Master Controller Redundancy Local Controller Redundancy Second Local controller has an opposite configuration Vlan Design Do Not Use Special VLANs Do Not Make Aruba the Default Router Vlan Vlan Pools VLANs 10, 20, 30 User Mobility and Mobility Domains MD1 ArubaOS Mobility Domain Master Controller Placement Mobility Controller Physical Placement and Connectivity AP Placement, Power, and Connectivity Local Controller PlacementMobility Controller and Thin AP Communication AP Power and Connectivity AP Location and Density ConsiderationsOffice Deployment Active Rfid Tag Deployment Voice Deployment Required Licenses Configuration Profiles and AP GroupsMobility Controller Configuration Configuration Profiles AP group Profile Types SSIDs, VLANs and Role Derivation AP GroupsProfile Planning VLANs SSIDs Role Derivation Secure Authentication Methods Authenticating with Corporate Authentication Methods for Legacy Devices Authenticating with Captive Portal Employee Role Configuring Roles for Employee, Guest and Application Users Guest Role Create a bandwidth contract and apply it to an AP group Create the block-internal-access policy Modify the guest-logon role Device Role Wireless Intrusion Detection System Role Variation by Authentication MethodWireless Attacks Rogue APs Page Mobility Controller Configuration RF Planning and Operation RF Plan Tool Adaptive Radio Management Page Minimum Scan Time Sec Voice over Wi-Fi Quality of ServiceWMM and QoS Voice-Aware RF Management Voice Functionality and FeaturesTraffic Prioritization Network Wide QoS Comprehensive Voice Management Voice over Wi-Fi LAN / WAN Controller Clusters Mobility Management System Multiple Master/Local Clusters Page Multiple Master/Local Clusters Licenses Appendix a Licenses Wlan Extension with Remote AP Appendix B Wlan Extension with Remote AP Alternative Deployment Architectures Small Network Deployment Mobility Controller located in the network data center Medium Network Deployment Branch Office Deployment Corporate data center DMZ Pure Remote Access Deployment