This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Need Fast Failover with Deauth to trigger Client DHCP-Requests

Need Fast Failover with Deauth to trigger Client DHCP-Requests

htw
New Contributor III

‎05-31-2016 06:31 PM

Hi,
we have a V2110 Controller HA-Pair with EWC-Firmware 10. Both are on different locations with topologies in different subnets. Both locations are connected directly with 10G. Now when a Fast Failover occurs, clients are connected into the topology of the other location but clients need to get a valid IP adress from the other location to be able to communicate. This happens when user triggers a new DHCP-Request. Now I want to happen this automatically.

A solution would be if deauth packet are sent to clients when the failover occurs. It seems it was possible in EWC-Firmware 9 because the following KB entry discribed how to counter those packet if one would not want those deauth packets: https://extremeportal.force.com/ExtrArticleDetail?an=000062011

But I cant find "configure Fast Failover Events" in EWC 10. Is it possible to trigger those deauth packets on Fast Failover?

0 Kudos
6 REPLIES 6

htw
New Contributor III

‎06-02-2016 10:10 AM

I found the following solution:
- Activate Mobility betwen the two HA-controllers
- use different VNS one each controller (the only difference between the VNS is their name, their content, roles and wireless services are the same)
- deactivate "Permit Inter-WLAN Service Roaming" in the advanced settings of the WLAN service which is associated with the VNS

When I release an accesspoint to the other HA controller, the client gets shortly disconnected with reason "VNS[...] Cause[Request from Other Controller]", reassociates and gets a valid IP-Adress from the failover-controllers topologies.

WM has a VNS-desync now because it wants to deploy a VNS always on both HA Controllers but at least clients reassociate now automatically when APs change their controllers (fe. during controller mainteanance)

*happy*
0 Kudos

htw
New Contributor III

‎06-02-2016 06:43 AM

Ok, found it and "Fast Failover Events" was deselected there too. So I actually have the configuration which is discribed in the V9 knowledgebase article. But the clients still doesn't get Deauths' when their AP failovers.
0 Kudos

Ronald_Dvorak
Honored Contributor

‎06-01-2016 02:54 PM

Please check again in the controller GUI- this time in the pop-up window click on the line "Acct" to highlighted it to get the option.
In your screenshot "Auth" is highlighted that is why you can't see the field.

I can't help you with WM as I don't like it = don't use it.
0 Kudos

htw
New Contributor III

‎06-01-2016 05:10 AM

Thanks to your sceenshot I located the option at VSN/Global/Authh. Unfortunately it was already disabled by default there and yet no Deauth packets.

At VNS/WLAN Service Auth this option doesnt exist. Is it a difference between 10.01.03 and 10.01.04?

6545adef9e71443a8592ab54f3e1bdfc_RackMultipart20160601-129407-12yf882-nac5radius_inline.png


I use 802.1x but defined the nac5radius as "RADIUS Server" in WM:

6545adef9e71443a8592ab54f3e1bdfc_RackMultipart20160601-53255-1xv6ewr-wm_nacradius_inline.png



As the screenshot shows there are NAC-definitions "nac5" and "nac6" but I cant select them as RADIUS Server at the WLAN Service definition.
0 Kudos
GTM-P2G8KFN