Cluster Configuration

This section describes the procedure for setting up a cluster and editing a cluster profile using the WebUI and the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions..

Configuring a Cluster

Following section describes how to configure a cluster using the WebUI. The configuration is carried out in two stages:

• Creating a cluster profile.
• Attaching the created profile to the cluster group membership.

Perform the following steps to add a cluster profile:

1. In the Managed Network node hierarchy, navigate to the Configuration > Services > Clusters tab.
2. Click + in the Clusters table.
3. Enter a name for the cluster profile in the Name field.
4. Click Submit.
5. To configure the cluster created, select the cluster from Clusters table.
6. In the Cluster Profile > <cluster name> window, expand Basic.
7. To add controllers to the cluster, click + in the Controllers table. The Add Controller window is displayed.
8. Define the parameters listed in Table 1 .
9. Click OK.
10. Expand Advanced.
11. Select the Redundancy check box to enable redundancy in the cluster.
12. Optionally, the Active client rebalance threshold, Standby client rebalance threshold, Unbalance threshold, and Heartbeat threshold can be set. However, these parameters have default settings and Aruba strongly recommends you to use the default settings.

    For Minimum Heartbeat Threshold in milliseconds, the default value for a port channel is 2000 msec and for a single Ethernet Ethernet is a network protocol for data transmission over LAN. connection (without port channel) is 900 msec. However, if heartbeat threshold is configured to a custom value, then that value takes precedence over the default values.

13. Click Submit.
14. Perform the following steps to attach the cluster profile to the cluster group membership.
15. In the Managed Network node hierarchy, select a managed device that you want to add to the cluster.
16. Navigate to the Configuration > Services > Cluster tab and expand Cluster profile.
17. Select a cluster profile from the Cluster group-membership drop-down list.
18. Set the Exclude VLAN field by either typing or selecting from the drop-down list to build a list of VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. IDs separated by commas.

    In the Exclude VLAN drop-down list, if the user selects a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. ID, the selected value gets added to the already existing content in the field. For example, if the text field contains '2' and the user selects '5' from the drop-down list, the field must display '2,5'. A range of value can also be added, for example, 1-5.

19. Click Submit.
20. Click Pending Changes.
21. In the Pending Changes window, select the check box and click Deploy changes.

Table 1: Cluster Profile Parameters

Parameter	Description
IP version	Select the IP version - IPv4 or IPv6.
IP address	The IP address must be set to the switch IP of the managed device.
Group	This is used to influence the S-UAC and S-AAC assignments made by the cluster leader. Enter an integer value between 1 and 12 for the group id.
VRRP Virtual Router Redundancy Protocol. VRRP is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. IP	The IP used to service all requests initiated by external authentication servers such as CoA Change of Authorization. The RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions. .
VRRP Virtual Router Redundancy Protocol. VRRP is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.	The VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. used to service all requests initiated by the external authentication servers such as CoA Change of Authorization. The RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions.
MCast VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.	The VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. used to subscribe the multicast traffic to the upstream multicast router.
Priority	This is used to influence the cluster leader election.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands set up a cluster:

1. To create a cluster node:

   (host) [mynode] (config) #configuration node /md/cluster

2. To change to the configuration cluster node that you created:

   (host) [mynode] (config) #change-config-node /md/cluster

3. To configure a managed device under the previously created node.

   Ensure that the common profiles such as SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., VAP , and AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profiles configured in /managed device/cluster are consistent.

   (host) [mynode] (config) #configuration device 00:1a:1e:02:04:88 device-model A7210 /md/cluster

4. Repeat this configuration for multiple managed devices.
5. All managed devices in the cluster need to be time-synchronized. Hence, it is recommended to have an NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. server in a cluster setup. To configure an NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. server:

   (host) [cluster] (config) #ntp server <ip address> iburst

   (host) [cluster] (config) #ntp authentication-key 1 md5 <password>

6. To configure the cluster group profile in the Mobility Master:

   (host) [cluster] (config) #lc-cluster group-profile 6NodeCluster

7. Managed devices IP addresses in lc-cluster group-profile can be either IPv4, or IPv6, or a combination of both. However, on the Mobility Master, we can configure IPv4 cluster and IPv6 cluster separately. Both clusters function independently and the Mobility Master can send the configuration updates to the respective managed device.
8. To add the managed devices to the group profile:

   The switch IP of the managed device is used as the IP address in the following configuration. The AP's termination point must also be set to the switch IP of the managed device. The LMS Local Management Switch. In multi-controller networks, each controller acts as an LMS and terminates user traffic from the APs, processes, and forwards the traffic to the wired network. -IP for the AP in the AP system profile becomes the active-AAC (A-AAC) for the AP.

9. For IPv6 network:

   (host) [cluster] (Classic Controller Cluster Profile "6NodeCluster ")controller-v6 2000:192:168:28::24 priority 128 mcast-vlan 0 vrrp-ip-v6 :: vrrp-vlan 0 group 0

   (host) [cluster] (Classic Controller Cluster Profile "6NodeCluster ")controller-v6 2000:192:168:28::26 priority 128 mcast-vlan 0 vrrp-ip-v6 :: vrrp-vlan 0 group 0

   (host) [cluster] (Classic Controller Cluster Profile "6NodeCluster ")controller-v6 2000:192:168:28::22 priority 128 mcast-vlan 0 vrrp-ip-v6 :: vrrp-vlan 0 group 0

   (host) [cluster] (Classic Controller Cluster Profile "6NodeCluster ")controller-v6 2000:192:168:28::23 priority 128 mcast-vlan 0 vrrp-ip-v6 :: vrrp-vlan 0 group 0

10. For IPv4 network:

    (host) [cluster] (Classic Controller Cluster Profile "6NodeCluster ")controller 192.168.28.22 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 1

    (host) [cluster] (Classic Controller Cluster Profile "6NodeCluster ")controller 192.168.28.23 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 1

    (host) [cluster] (Classic Controller Cluster Profile "6NodeCluster ")controller 192.168.28.24 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 2

    (host) [cluster] (Classic Controller Cluster Profile "6NodeCluster ")controller 192.168.28.26 priority 128 mcast-vlan 0 vrrp-ip 0.0.0.0 vrrp-vlan 0 group 2

11. In the Mobility Master, apply the configuration to managed devices:

    (host) [cluster] (Classic Controller Cluster Profile "6NodeCluster ") #write memory

12. Saving Configuration...
13. Partial configuration for /md/cluster
14. Configure the group-membership on each managed devices. If you have nodes only under a node-path that forms a cluster, then execute the command on that node-path [00:1a:1e:02:04:88].

    (host) [00:1a:1e:02:04:88] (config) #lc-cluster group-membership 6NodeCluster

    (host) [00:1a:1e:02:04:88] (config) #write memory

15. On each managed device, check the cluster status:

    (host) #show lc-cluster group-membership

16. To ensure the correct working of client SSO Single Sign-On. SSO is an access-control property that allows the users to log in once to access multiple related, but independent applications or systems to which they have privileges. The process authenticates the user across all allowed resources during their session, eliminating additional login prompts. upon failover, managed devices in the cluster must be L2-connected. The following command shows the status of L2 or L3 connectivity in cluster.

    (host) [md] (cluster)#show lc-cluster vlan-probe status

17. Optionally, on the managed devices, exclude certain VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. for the VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. probing algorithm.

    (host) (config) #lc-cluster exclude-vlan <vlan-number>

18. After removing the VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. using the previous command, run the VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. probing algorithm again.

    (host) [cluster] (config) #lc-cluster start-vlan-probe

Editing a Cluster Profile

The following procedure describes how to edit a cluster profile:

1. In the Managed Network node hierarchy, navigate to the Configuration > Services > Clusters tab.
2. To edit an existing managed device, select the managed device from the Controllers list. To add managed devices to the cluster, click + in the Controllers table.
3. Edit or enter the values for the parameters described in Table 1.
4. Click OK.
5. Expand Advanced to edit parameters for Active AP load balancing described in Table 1. However, these parameters have default settings and Aruba strongly recommends you to use the default settings.

   When an infrastructure network is not able to handle the load, cluster heartbeat timeout can happen. To handle this, either prioritize the cluster heartbeat packets on the infrastructure network or increase the heartbeat timeout on the cluster profile.

6. Click Submit.
7. Click Pending Changes.
8. In the Pending Changes window, select the check box and click Deploy changes.

Using Basic Show Commands

Use the following show commands to ensure that the cluster configuration is working as expected:

Check the cluster status on each managed device:

View the status of the VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. probing algorithm, which runs automatically between every pair of nodes in cluster:

View the reason for cluster member disconnection due to various events and to view the last time stamp of disconnection:

View the cluster heartbeat counters:

View the history of the connection and disconnection events:

View the active or standby AP load distribution within the cluster for an AP:

View the active or standby client load distribution within the cluster for a client:

View the list of APs in standby mode on managed devices:

View the list of users in standby mode on managed devices:

View the list of users in datapath in standby mode on managed devices:

View the A-UAC and S-UAC for any given client. This command can be run on any managed device that is part of the cluster:

View the detailed information about all the connected peers including the heartbeat requests sent or responses received, all the sequence number of missed and delayed heartbeats along with time stamp , last received or sent sequence number to dead peer and the time stamp, This command also displays the current cluster member’s heartbeat threshold and threshold updated count, added or deleted peer count and the current time stamp.

Collect the cluster-related debug information from managed devices:

Collect the cluster-related debug information from an AP:

Collect the IPv6-related debug information:

View the Remote AP inner IP pool for cluster deployment: