ExtremeWireless (Identifi)

  • 1.  Extreme Wireless - Controller as HA Pair and AP Sites feature for bigger branches

    Posted 10-25-2018 10:11
    At a given customer szenario we have 2x V2110 as central wireless controllers (V10.41.). We use PSK and 802.1x (EAP-TLS) Authentication against Extreme Control (NAC).

    Now we thought about the opportunity to use "Site" feature at 2 bigger branches to eliminate the dependency from a working WAN Connection. RADIUS Server will be a on-premise NAC Gateway. This both huger branches have a needed Servers locally.

    Now i read this article:
    Can I use high availability and sites in conjunction with each other? (000017850)

    ... so it should be decided to either use 2 controllers in a HA pair, or APs being configured for sites, but not both.

    That is clearly to understand.
    But this is very hard, because this means i have to destroy central HA Pair or buy a separate EWC only for this bigger branch APs. Thats both in most case no usage choice for my customer.

    Do i miss something ?

    Or do i have to block only the WASSP connection from "site" APs to backup controller with firewall ruleset ?



  • 2.  RE: Extreme Wireless - Controller as HA Pair and AP Sites feature for bigger branches

    Posted 10-25-2018 10:20
    Here the KB link to the arcticel that is mentioned above....

    https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-i-use-high-availability-and-sites-in-conj...

    AnswerNo, those two features should not be used together. Sites is meant for APs that might lose connectivity to the controller, while the high availability feature is based on the use-case that there will always be a connection to the controller (pair).
    When these features are used together there can be incorrect behavior when roaming on APs in sites-mode or disconnects, so it should be decided to either use 2 controllers in a HA pair, or APs being configured for sites, but not both.
    First time that I've heard that I shouldn't use this two functions together..... I don't buy it 🙂


  • 3.  RE: Extreme Wireless - Controller as HA Pair and AP Sites feature for bigger branches

    Posted 10-25-2018 10:20
    Do you think this KB Article is out-dated and not valid for EWC V10.41. (and later) ?

    Do run these both features together on any of your implementations ?


  • 4.  RE: Extreme Wireless - Controller as HA Pair and AP Sites feature for bigger branches

    Posted 10-25-2018 10:20
    Hello Matthias,

    as far as I know there where no functional changes in this feature for a longer time.

    HA is not a fixed term within ExtremeWireless, there is only "Availability" and "Session Availability. You can use Availability on the controller pair but NOT "Session Availability".

    The site feature is designed for scenarios in which it is assumed that the authentication takes place locally because the controller may not be accessible, so "Session Availability" makes less sense.

    Please be aware of the other restrictions (not sure if these values are actual):

    • 32 APs per Site
    • 1000 MUs per Site
    Best regards
    Stephan



  • 5.  RE: Extreme Wireless - Controller as HA Pair and AP Sites feature for bigger branches

    Posted 10-25-2018 10:20
    A hint not to use "Session Availability" is part controller user guide, too.


  • 6.  RE: Extreme Wireless - Controller as HA Pair and AP Sites feature for bigger branches

    Posted 10-25-2018 10:20
    Hi Stephan,

    my problem is that "Session Availability" is a required feature at Headquarter and most of branches.

    Session Availability is a "global" Parameter - so i have to disable this because i want to use "Site" feature.

    At the end - session availability beats site feature...

    That 's so often a problem of extreme gear that there several good features but if they want them suing together i have to device one or the other ... That's a bad game...

    Another problem is that my RADIUS Server is Extreme Control (=NAC Gateway):
    But Extreme Wireless (Site feature) does NOT support Extreme Control!
    (because NAC needs SNMP access back to the AP)

    If i am wrong on any point please correct me.



  • 7.  RE: Extreme Wireless - Controller as HA Pair and AP Sites feature for bigger branches

    Posted 10-25-2018 10:20
    For Information:

    Version 10.x allows higher Limits within Site Feature.

    https://gtacknowledge.extremenetworks.com/articles/Q_A/IdentiFi-Sites-feature/