AP visibility and control in a HA Pair

  • 0
  • 2
  • Problem
  • Updated 1 year ago
  • Solved
Hi Community

So I as part of a clients solution, we have deployed a High Available pair of C5210 controllers.
One controller is the primary and the other the backup.

All AP's home to the primary and also creates a backup tunnel to the backup controller.

When an AP fails over to the backup controller we see the following on the Primary controller:


The AP indicates no channel or output power.
If you look at the AP reports on the controller it also indicates as Off.

If we look on the backup controller we do see the AP with the Channel info and transmit power info.

From the backup controller you can see the setting but not change anything again.

For the client this is very frustrating, he has to flip flop between controllers to get the full view and config.

What is your recommendations for managing this?

We also have no easy way of identifying what AP is connected to what Controller.
The only way to do this is to have a look at the AP availablility report, but the client has just over 1000 AP's and to find the specific one is not a quick process.

I would recommend they color code (Green and Blue) be added to the AP configuration list.
At least this is a quick way to see where the AP is currently homes too.
It would also be nice to be able to change AP config from any of the controllers.

Your comments?
Photo of Andre Brits Kannemeyer

Andre Brits Kannemeyer

  • 5,288 Points 5k badge 2x thumb

Posted 1 year ago

  • 0
  • 2
Photo of Sam

Sam, Employee

  • 1,858 Points 1k badge 2x thumb
Hi Andre, 

What you have described regarding the AP information not being displayed on the primary controller when the AP has failed over is correct. The controller will not report information for an AP that is not connected to it.

https://gtacknowledge.extremenetworks.com/articles/Solution/Access-Point-radio-is-not-showing-a-chan... 

Int the event of a failover you are required to release the APs back to the local controller as follows: 
https://gtacknowledge.extremenetworks.com/articles/Q_A/Do-access-points-automatically-return-back-to...

Some more information on the reports. 
https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-you-explain-the-Access-Point-Availability...

Just in the AP tab you can do a quick view to see the status of an AP. 


I think i would first investigate why the APs are regularly hitting their poll timeout. Typically, as wireless deployments grow larger, denser, and clients increase, it is advised to increase the AP Poll interval.  If AP Poll timeouts are seen, it is recommended to increase the Fast Failover time to 10 or 20, and the AP Poll timeout to a value of 20 to 30.
https://gtacknowledge.extremenetworks.com/articles/Q_A/At-what-interval-do-the-Access-Points-poll-th...

Your recommendation can be opened as a feature request if you like? (if it is not already one): I would recommend they colour code (Green and Blue) be added to the AP configuration list. 

I hope this helps! 

- Sam 
Photo of Craig Guilmette

Craig Guilmette, Employee

  • 2,752 Points 2k badge 2x thumb
Hello Andre 
I hear what you are saying but the product has always worked this way. The local controller for an AP that has failed over has no ability to display anything about that AP. As when it fails over to the foreign controller the information (session) is not going through the local controller any longer so it does not see the data. Also Functioning as designed is not being able to make any config changes on an AP that has failed over to its backup controller. Simply release all foreign AP's back to their local controller to make such changes. It happens WITHOUT any user interruptions assuming the local controller is up. I do not believe this will ever be able to be changed it is simply the way the product works. You can create a formal feature request for consideration through either the GTAC or your sales rep for any improvements you wish us to make.  
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,962 Points 20k badge 2x thumb
Just disable FF if the network design allows it.
Hi Andre, we have the same problem. It's frustrating have to find a user in two controllers...
everyday we have to see if some AP have backup tunnel and manually release it to the other controller.
I think that this is not good solutions for this problem.

bye.
Photo of Sam

Sam, Employee

  • 1,858 Points 1k badge 2x thumb
Hi, 

As written above, i would first investigate why the APs are regularly hitting their poll timeout. Typically, as wireless deployments grow larger, denser, and clients increase, it is advised to increase the AP Poll interval.  If AP Poll timeouts are seen, it is recommended to increase the Fast Failover time to 10 or 20, and the AP Poll timeout to a value of 20 to 30.
https://gtacknowledge.extremenetworks.com/articles/Q_A/At-what-interval-do-the-Access-Points-poll-th...

I would advise seeking your local Extreme representative to submit a feature request and discuss options for your site. 

- Sam 
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,962 Points 20k badge 2x thumb
One question.... why do you use the feature and not legacy availability ?!
Sorry, I don't understand you... legacy availability??
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,962 Points 20k badge 2x thumb
from the post above....
To enable legacy failover just remove the checkmark for fast failover.

Legacy failover is slower as the AP doesn't has a tunnel to the 2nd controller already established - slow means that you'd loose 1-2 pings during failover... in my experience.

The difference is that legacy failover has two requirements that MUST be fulfilled to allow the AP to authenticate/switch to the second controller.
1) the AP lose connection to the home controller
2) the controllers lose the connection to each other (=availability tunnel down)

Let's talk about the case in which you don't use legacy failiover.
If the APs connect via i.e. ESA0 and the availbility tunnel is configured on i.e. ESA1.
If ESA0 is down (i.e. broken cable) on the home controller the AP is not longer able to communicate with the controller but as ESA1 is still up (=availability tunnel is still up) the AP is not allowed to authenticate/switch to the second controller.

It's very important if you use legacy failover to use the same interface for AP registration also for the availabilty tunnel configuration.
In a "normal" setup with both controller in the same room and are setup for the same subnets that shouldn't be a problem and you are able to use legacy failover.

So the one thing that you need to make sure in the network design is that there is no such case where the AP is not able to reach the AP registration interface but the controllers could reach each other via the availabilty interface.
Thanks Ronald for your help. Great post.