Overriding a Critical Resource Configuration

Critical resources are device IP addresses or interface destinations on the network interoperated as critical to the health of the network. The critical resource feature allows for the continuous monitoring of these addresses. A critical resource, if not available, can result in the network suffering performance degradation. A critical resource can be a gateway, a AAA server, a WAN interface, or any hardware or service on which the stability of the network depends. Critical resources are pinged regularly by the access point. If there is a connectivity issue, an event is generated stating a critical resource is unavailable. By default, no critical resource policy is enabled, and one needs to be created and implemented.

Critical resources can be monitored directly through the interfaces on which they‘re discovered. For example, a critical resource on the same subnet as the access point can be monitored by its IP address. However, a critical resource located on a VLAN must continue to monitored on that VLAN.

Critical resources can be configured for access points and wireless controllers using their respective profiles.

To define critical resources:

  1. Select Configuration > Devices from the web UI.
    The Device Configuration screen displays a list of managed devices or peer controllers, service platforms, or access points.
  2. Select Profile Overrides.
  3. Select Critical Resources.

    In the List of Critical Resources tab, the Critical Resource Name table displays the name of the resources configured on this device.

    The screen lists the destination IP addresses or interfaces (VLAN, WWAN, or PPPoE) used for critical resource connection. IP addresses can be monitored directly by the controller, service platform, or access point. However, a VLAN, WWAN, or PPPoE must be monitored behind an interface.

  4. Click Add to add a new critical resource and connection method.
    Click Edit to modify or override the configuration for an existing critical resource. If you are adding a new critical resource, assign it a name up to 32 characters.
  5. Select Use Flows so that the critical resource will monitor using firewall flows for DHCP or DNS instead of ICMP or ARP packets.
    This reduces the amount of traffic on the network. This setting is disabled by default.
  6. To sync adopted devices to state changes with a resource-state change message, select Sync Adoptees.
    This setting is disabled by default.
  7. Use the Offline Resource Detection drop-down menu to define how critical resource event messages are generated.
    Options include Any and All. If you select Any, an event is generated when the state of any single critical resource changes. If you select All, an event is generated when the state of all monitored critical resources change.
  8. Use the Monitor Criteria drop-down menu to select either rf-domain-manager, cluster-master, or All as the resource for monitoring critical resources by one device and updating the rest of the devices in a group.
    If you select rf-domain-manager, the current rf-domain manager performs resource monitoring, and the rest of the devices do not. The RF-domain-manager updates any state changes to the rest of the devices in the RF Domain.

    With the cluster-master option, the cluster master performs resource monitoring and updates the cluster members with state changes.

    With a controller-managed RF Domain, set Monitoring Criteria to All because the controller might not know the VLAN bridged locally by the devices in the RF Domain monitoring DHCP.

  9. In the Monitor Via field at the top of the screen, select the IP option to monitor a critical resource directly (within the same subnet) using the provided IP address as a network identifier.
  10. In the Monitor Via field at the top of the screen, select the Interface check box to monitor a critical resource using the critical resource‘s VLAN, WWAN1, or PPPoE1 interface.
    If you select VLAN, use the spinner control to define the destination VLAN ID used as the interface for the critical resource.
  11. Click + Add Row to define the following for critical resource configurations:
    IP Address Provide the IP address of the critical resource. This is the address used by the access point to ensure the critical resource is available. Up to four addresses can be defined.
    Mode Set the ping mode used when the availability of a critical resource is validated. Select from:
    • arp-only – Use only the Address Resolution Protocol (ARP) for pinging the critical resource. ARP is used to resolve hardware addresses when only the network layer address is known.
    • arp-and-ping – Use both ARP and Internet Control Message Protocol (ICMP) for pinging the critical resource and sending control messages (for example, device not reachable or requested service not available).
    Port

    Define the interface on which to monitor critical resource. This field lists the available hardware interfaces. This option is available only when the selected mode is arp-only.

    VLAN Using the spinner control, define the VLAN on which the critical resource is available.
  12. Select the Monitor Interval tab.
  13. Use Monitor Interval to set the duration, in seconds, between two successive pings to the critical resource.
    Select a duration between 5 and 86,400 seconds. The default setting is 30 seconds.
  14. Use Source IP for Port-Limited Monitoring to define the IP address used as the source address in ARP packets used to detect a critical resource on a layer 2 interface.
    Generally, the source address 0.0.0.0 is used in the ARP packets used to detect critical resources. However, some devices do not support that IP address and drop the ARP packets. Use this field to provide an IP address specifically used for this purpose. The IP address used for Port-Limited Monitoring must be different from the IP address configured on the device.
  15. Use Monitor Retry Count to set the number of retry connection attempts (1 - 10) permitted before this device connection is defined as down (offline).
    The default setting is three connection attempts.
  16. Click OK to save the changes to the critical resource configuration and monitor interval.
    Click Reset to revert to the last saved configuration.