Header Only - DO NOT REMOVE - Extreme Networks

What do i need to consider before adding my HA controller in a working wireless network?


I have working wireless network now. And i need to include a second controller to increase the number of APs supported. I have 2 C35 and one of them is working as a primary now.

11 replies

Userlevel 4
Hi Carlo,

Please check below KB , let us know if you have any further questions.

https://gtacknowledge.extremenetworks.com/articles/How_To/Configure-High-Availability-on-the-Extreme...

https://gtacknowledge.extremenetworks.com/articles/How_To/Pre-requisites-for-IdentiFi-Appliance-High...

Thanks,
Suresh.B
Thank you for providing me the KB links. I already configured both the controllers for HA. My concern are: - How could i integrate the two controllers in one network? - Do i need to put them together in one switch via a tagged or untagged VLAN? - What port of the EWC to be integrated in the network? - Is it the management or L2 ports? - Will there be a down time in the EWLAN due to the restarting of controllers? If there is any how long will it take?
Userlevel 4
Answering the questions below,
How could i integrate the two controllers in one network?
- You can configure both the controllers in same VLAN.

Do i need to put them together in one switch via a tagged or untagged VLAN?
- It depends on your network design. You can put them on a tagged or untagged VLAN. Most of the time it will be a Tagged VLAN.

What port of the EWC to be integrated in the network?
- Any port from 1 to 4 can be used to connect to the network

Is it the management or L2 ports?
- The port used to connect to the controller will be a management port. Using L2 port we will not be able to manage the controller.

Will there be a down time in the EWLAN due to the restarting of controllers? If there is any how long will it take?
- Controller reload will be suggested in maintenance window. The reload will take only couple of minutes. However, after controller reload we need to wait for the Ap's to come back on the controller.
Userlevel 3
Nathiya,
We have to specify the ip address to do the HA.
Its recomended to use the Admin interface to do the HA?
or..
we must create a new physical Admin interface at the esa0 or esa1 interface.
Userlevel 7
It's NOT recommended to use the Admin interface at all - the interface should only be used for initial configuration and so a support engineer could connect directly to the device in case of troubleshooting.

You should use the same interface for HA that is used to connect the APs to the controller (= the one that has AP registration enabled).
Userlevel 3
Ron wrote:

It's NOT recommended to use the Admin interface at all - the interface should only be used for initial configuration and so a support engineer could connect directly to the device in case of troubleshooting.

You should use the same interface for HA that is used to connect the APs to the controller (= the one that has AP registration enabled).

Ok, but if you create other physical adminL3 interface at esa0 and you check Managemen interface we have to disable at vmware options the admin interface because the 802.1x validations are created by admin interface.
Its this correct?
Userlevel 7
Ron wrote:

It's NOT recommended to use the Admin interface at all - the interface should only be used for initial configuration and so a support engineer could connect directly to the device in case of troubleshooting.

You should use the same interface for HA that is used to connect the APs to the controller (= the one that has AP registration enabled).

Yes and no, if the Admin interface is up and has a IP in the same subnet as the RADIUS server it could result that requests are send out via the interface.

To avoid that you'd do different things.
- disable the interface in the VM
- don't use a IP in the customers network (leave it on the default 192.168.10.1 address) & don't set a default gateway in the host settings of the controller

If it's a VM controller I prefer to disable the interface in the VM.
For a hardware controller just don't plug a cable into the port.
Userlevel 6
Ron wrote:

It's NOT recommended to use the Admin interface at all - the interface should only be used for initial configuration and so a support engineer could connect directly to the device in case of troubleshooting.

You should use the same interface for HA that is used to connect the APs to the controller (= the one that has AP registration enabled).

See following article: https://gtacknowledge.extremenetworks.com/articles/Q_A/Should-the-Admin-port-on-an-IdentiFi-wireless-controller-be-used-during-normal-operation/
Userlevel 3
Ron wrote:

It's NOT recommended to use the Admin interface at all - the interface should only be used for initial configuration and so a support engineer could connect directly to the device in case of troubleshooting.

You should use the same interface for HA that is used to connect the APs to the controller (= the one that has AP registration enabled).

Thanks for the repplys,
I am going to shrare with you an unussual behaviour of the V2110 controller. When we restart de controller the web doestn works.
We have to disable esa0 interface (when is physical 'newadmin' l3 interface) and enable in vmware de interface for Admin.
Then we have to access to the web using Admin ip. Then we activate esa0 interface and then physical works ok....
I dont know why...
(in this momment we can disable admin interface at vmware)
Userlevel 6
Ron wrote:

It's NOT recommended to use the Admin interface at all - the interface should only be used for initial configuration and so a support engineer could connect directly to the device in case of troubleshooting.

You should use the same interface for HA that is used to connect the APs to the controller (= the one that has AP registration enabled).

Fes

I would open a case for that issue, in a failed state, if you can open the console in esxi and then go into the "ip" section of the cli and type "show" just to make sure the route table is correct, that would help.

ewc1.test.com# ip
ewc1.test.com:ip# show

RouteID Dest Addr Netmask Next Hop Topology OverrideDynamic

1 0.0.0.0 0.0.0.0 aaa.bbb.ccc.ddd physical 1 on

-Gareth
Userlevel 3
Ron wrote:

It's NOT recommended to use the Admin interface at all - the interface should only be used for initial configuration and so a support engineer could connect directly to the device in case of troubleshooting.

You should use the same interface for HA that is used to connect the APs to the controller (= the one that has AP registration enabled).

yes the route is in the list

6 0.0.0.0 0.0.0.0 x.x.x.1 Administracion on

we use x.x.x.1 for the gateway.
its a strange behaviour
we dont have much time to open the case because the 802.1x valitation uses this interface, even so we will try to contact whith supprot stuff.

thanks

Reply