Load Balance 2 Wireless Controllers?

Hi Guys,
We are running 2 Cisco wireless controllers here. I believe a 4400 and a 5500.
All our WAPs and clients are going to the one individual controller. Is it possible to load balance all WAPs/clients between these?
Thanks
James

I support this answer. If you plugged your WLC with all ports on LAG, what exactly are you load balancing? Nothing will be faster by splitting APs between the 2 WLCs.
In case you anyway split the APs between the 2 WLCs, don't go salt 'n pepper (i.e. if you have 2 APs in a corridor, having them on a different WLC) because that means that every roaming between APs will be inter-WLC roaming. Overhead for nothing. It's best to cut your building in 2 so that one area is on wlc1 and the other on wlc2.
While inter-WLC roaming usually works fine and should not cause trouble, it's overhead to go for that while you can have all APs on 1 WLC.
Nicolas
===
Don't forget to rate answers that you find useful

Similar Messages

  • Load Balancing - Wireless

    Hi
    If I'm reading correctly, load balancing is not advisable if using voice over wifi.
    On a controller with 70.220 - Wireless - Advanced - Load balancing
              Load balancing - client windows is default 5, max denial 3
    But on the wlan, the load balancing isn't enabled..
    Which one is the master setting?
    We're broadcasting several SSIDs, one of them is a guest SSID, which is open, so we get the Apple devices automatically associating to them.
    So if we don't set the load balancing on each wlan, this means there is a maximum of 5 devices to 1 AP, doesn't matter which wlan it's on?
    Is there a best practice guide for load balancing?
    Clarification would be great
    Cheers
    Craig

    Craig,
    Do not use load balancing for latency-sensitive WLANs, especially voice WLANs. Rejecting voice clients extends their roaming delay and can drop calls.
    The setting on the WLAN Advanced tab determines whether or not clients associating to that WLAN will be denied if the load balancing algorithm determines the AP to which the client wants to associate is too loaded (determined by the global LB settings). If you have the box unchecked, then LB is not in effect for that WLAN and clients on that WLAN will never be rejected.
    The load balancing algorithm is run against clients for an AP. The count of clients is cumulative for all WLANs, i.e., the load balancing numbers are not set and compared on a per-WLAN basis. This wouldn't make a lot of sense as the LB algorithm is attempting to keep clients physically spread across infrastructure radio resources, regardless of whether you have 1 WLAN or 5 WLANs active on the radio.
    I don't know of a best practices guide for load balancing other than don't use it on WLANs that have low-latency applications such as voice or live-streaming (unbuffered) video. The controller configuration guide is a good place to start and does a pretty good job of explaining how it works.
    One other thing I would recommend is to make the algorithm less aggressive. I think max 3 denials is too high and would drop to 1 or 2. I'd also open up the LB window size to about 8 or 10 instead of the default 5.
    I think some folks on the forums here have found some issues with LB, although I haven't run into too many so far. I think the AP sends a message type 17 and some clients have trouble processing it (or something like that). You might want to search the forums here and check the bug toolkit to see if there's anything that comes up.
    Justin

  • Question about Load Balancing Wireless connections using WLC- F5- ISE

    Hi all,
    Can anyone give me some orientation how the radius auth process/handshake between the WLC and ISE changes once the F5 is installed in the middle in order to perform load balancing?
    We can do some kind of load balancing by configuring different radius servers on each WLC for which, I must configure the same shared secret in the WLC and ISE so the radius request/accept could be processed.
    Now that we have the F5 in the middle, do I need to create/configure the same shared secret in the F5 so radius transactions can be processed by this device? Based on the following link, I must configure the F5 in the ISE like another NAD device (similar to the WLC) but I do not know if this additional configuration in the ISE includes the Auth parameter to be added in the ISE NAD (F5) configuration.
    How to properly use a load balancer in Cisco's Identity Services Engine
    http://www.networkworld.com/community/blog/load-balancing-cisco-identity-services-engine
    Our scheme is shown next,

    When you convert the pair into SSO, all the APs will go to the ACTIVE unit.  No unit will "live" in the standby unit because this unit will "share" the AP-support license between the two.
    This is the first step you need to get sorted.  Send an email to [email protected] and give them the exact details of what you want to do (i.e. AP SSO) and then provide the serial number of your nominated active WLC and the serial number of your nominated standby WLC.

  • Load-Balancing between Foreign and two Anchors

    Hi, we have two foreign controllers (one active, one standby) and two anchor controllers. All APs are connected to the active foreign controller. The layer 3 networks for the wlan clients on both anchors are different for the same SSID. SSID: Internet, anchor 1: Subnet A, anchor 2: Subnet B. So when a client is getting anchored to Anchor 1, the clients will get an ip from subnet A and when the client is getting anchored to anchor 2, the client will get an ip from subnet B.
    This is so far not a big problem because we only have a few access points in some rooms. But what will happen when we have a fully covered wlan and the client roams from one AP to the other AP? Is there a possibility that the client will be anchored to a different anchor while roaming? I think this will result in a lack of connectivity because without a real disconnect the client will not ask for a new IP address.
    Other question: Is it possible to disable this load-balancing between anchor controllers? Or can I make a client sticky to only one anchor as long as an access-session is established?
    All controllers are 5760 with 3.3.3 software.

    Hi acontes, 
    It's an interesting question. 
    In this case, if all AP's are on WLC-A and there is no possibility that an L3 inter-subnet roam will occur between WLC-A and WLC-B, I would just forward WLC-A to Anchor A and WLC-B (in the event of fail over) to Anchor B (if Anchors reside on different subnets). If you must specify Anchor A and Anchor B on each WLC for redundancy purposes, it's important to understand the guidelines and limitations with regard to Foreign / Anchor Design.  
    As Scott mentioned, the limitation with Anchoring design is that there is no primary / secondary configuration for an Anchor on the Foreign WLC.
    If WLC-A has two entries (1) for Anchor-A and (2) for Anchor-B, the EoIP tunnels are established and load-balancing occurs in a round robin fashion.
    Keep in mind the following with regard to guest N+1 redundancy:
    • A given foreign controller load balances wireless client connections across the list of anchor controllers configured for the guest WLAN. There is currently no method to designate one anchor as primary with one or more secondary anchors.
    • Wireless clients that are associated with an anchor WLC that becomes unreachable are re-associated with another anchor defined for the WLAN. When this happens, assuming web authentication is being used, the client is redirected to the web portal authentication page and required to re-submit their credentials.
    Since traffic is transported at Layer 2 via EoIP, the first point at which DHCP services can be implemented is either locally on the anchor controller or the controller can relay client DHCP requests to an external server. Since the IP address directly correlates to the DMZ subnet or the interface where the traffic egresses, it is possible for some clients to get IP's from both Subnet A or Subnet B in the event that WLC-A is building EoIP to both anchors.
    1) What happens if my clients roam?
    Nothing... since all AP's are on WLC-A, it's Intra-Controller Roaming
    Each controller supports same-controller client roaming across access points managed by the same controller. This roaming is transparent to the client as the session is sustained, and the client continues using the same DHCP-assigned or client-assigned IP address. The controller provides DHCP functionality with a relay function. Same-controller roaming is supported in single-controller deployments and in multiple-controller deployments.
    2) Would it be better to choose the same DHCP Pool on both anchors?
    It's probably better to have redundant anchors on the same subnet, but it's not required. 
    3) How would you design this :-)
    WLC-A <--EoIP--> Anchor A (DHCP Pool A)
    WLC-A <--EoIP--> Anchor B (DHCP Pool A)
    It's important to remember what Scott mentioned about the lack of a primary / secondary relationship. If multiple controllers are added as mobility anchors for a particular WLAN on a foreign controller, the foreign controller internally sorts the controllers by their IP address. The controller with the lowest IP address is the first anchor. For example, a typical ordered list would be 172.16.7.25, and 172.16.7.28. If the first client associates to the foreign controller's anchored WLAN, the client database entry is sent to the first anchor controller in the list, the second client is sent to the second controller in the list, and so on, until the end of the anchor list is reached. The process is repeated starting with the first anchor controller.
    If any of the anchor controllers is detected to be down, all the clients anchored to the controller are deauthenticated, and the clients then go through the authentication/anchoring process again in a round-robin manner with the remaining controller in the anchor list. This functionality is also extended to regular mobility clients through mobility failover. This feature enables mobility group members to detect failed members and reroute clients.
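
The anchor selection described in the answer above (anchors ordered by IP address, clients handed out round-robin, clients of a failed anchor deauthenticated and re-anchored), modelled as an added example that is not part of the original thread and is not Cisco code. The class, method and client names are assumptions; the two anchor addresses are the ones quoted in the answer, and the Subnet A / Subnet B split is the one from the question.

```python
import ipaddress


class ForeignWlc:
    """Toy model of a foreign controller with several guest anchors on one WLAN."""

    def __init__(self, anchor_subnets):
        # anchor_subnets: {anchor IP: client subnet served behind that anchor}
        self.subnet_of = dict(anchor_subnets)
        # The anchor list is ordered by IP address, lowest address first.
        self.anchors = sorted(self.subnet_of, key=ipaddress.ip_address)
        self.down = set()        # anchors currently detected as unreachable
        self.cursor = 0          # position in the round-robin cycle
        self.anchor_of = {}      # client -> anchor IP

    def _next_anchor(self):
        live = [a for a in self.anchors if a not in self.down]
        if not live:
            raise RuntimeError("no anchor reachable for this WLAN")
        anchor = live[self.cursor % len(live)]
        self.cursor += 1
        return anchor

    def associate(self, client):
        """New association: the anchor is picked round-robin, there is no primary."""
        self.anchor_of[client] = self._next_anchor()
        return self.anchor_of[client]

    def roam(self, client):
        """Roam between APs joined to this same controller: anchor (and IP) are kept."""
        return self.anchor_of[client]

    def anchor_failed(self, anchor):
        """Deauthenticate the clients of a dead anchor and re-anchor them."""
        self.down.add(anchor)
        self.cursor = 0          # restart the cycle over the remaining anchors
        moved = []
        for client, old in list(self.anchor_of.items()):
            if old != anchor:
                continue         # clients on healthy anchors are not touched
            new = self.associate(client)
            moved.append({
                "client": client,
                "new_anchor": new,
                # A different subnet behind the new anchor means a new DHCP lease.
                "subnet_changed": self.subnet_of[old] != self.subnet_of[new],
            })
        return moved


def demo():
    # Constructed scenario: two anchors, each serving a different client subnet.
    wlc = ForeignWlc({"172.16.7.28": "Subnet B", "172.16.7.25": "Subnet A"})
    clients = [f"client-{n}" for n in range(1, 5)]
    placed = {c: wlc.subnet_of[wlc.associate(c)] for c in clients}
    after_roam = {c: wlc.subnet_of[wlc.roam(c)] for c in clients}
    moved = wlc.anchor_failed("172.16.7.25")
    return wlc.anchors, placed, after_roam, moved


if __name__ == "__main__":
    anchors, placed, after_roam, moved = demo()
    print("anchor order:", anchors)
    print("initial placement:", placed)
    print("after intra-controller roam:", after_roam)
    print("re-anchored after failure:", moved)
```

With web authentication on the WLAN, every client listed as re-anchored also has to log in at the portal again, as the answer notes.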

  • WLC - Aggressive Load Balancing?

    Hello,
    The Wireless LAN Network built is as follows -
    1. 1 x 4404 WLC
    2. 40 x LWAPP 1131AG Access Points
    3. Windows Clients used by the Laptop Clients.
    4. Only one Wireless VLAN across the Campus network - hence AP's, WLC & Clients are all in one VLAN / IP Subnet.
    5. No Access Point Group is created.
    6. Aggressive Load Balancing is enabled allowing 15 Clients as max connection per Access Point.
    Problem facing -
    1. Tried configuring the Aggressive Loadbalancing allowing only 2 x Clients per AP. But noticed that the 3rd Client connecting to the same AP as of the previous 2 Clients have connected. 3rd client is not associating to a different AP which is nearby.
    Please can one help me, if I'm configuring & testing Aggressive Load Balancing in the right way!
    Regards,
    Keshava Raju

    AMR is on target. In fact I just completed 20 hours worth of testing with various clients with ALB for a white paper I am doing. Code 17 isn't honored by most clients and is only sent 1 time from the AP. The clients will continue to attempt to associate to the AP and the AP will allow them on.
    Here is a peek of my white paper "still in draft"
    WLC - Cisco WLC Aggressive Load Balancing; What is it and where did it go in 6.0!
    I've spent the majority of my WLC experience at code level 4.2. Not by choice really, more based on the fact that 4.2 is pretty darn stable and it is the only safe harbor to date for the Cisco WLC. Healthcare and Enterprise environments are typically slow to move on upgrades, especially when things are operating fine.
    Since my latest project involves the deployment of hundreds of Cisco 1142s @ location grade, it required that I move to later code to support the 1142 access points. After much research, conversations with our local Cisco Wireless SE, conversation with peers at other healthcare organizations, and direct contact with the aware team I had decided that 6.0.188.0 was a release that was of great interest.
    As I start to get familiar with the new code I am starting to see that things got moved around a little. One of the items is Aggressive Load Balancing. If you aren't familiar with Aggressive Load Balancing (ALB) you definitely need to be and let me share why.
    First let's look at what ALB is and how it works and then we will dive into the differences between the 4.2 code and the new options 6.0 gives us. ALB when enabled, allows the Cisco WLC to load balance wireless clients on access points that are joined to the same controller. “Key word here – same controller”. You can configure the load balancing window globally in the controller. What is the load balancing window you ask? Well, it is the maximum number of clients that should be allowed on the access point BEFORE it will start to load balance.
    Let's assume for a moment you have an access point with 5 clients already attached. When client #6 sends an association request to the access point the access point will kindly respond with an association response frame with the reason code of 17. The wireless client will see reason code 17 in the association response and will kindly find other access points to associate with. However, some devices will ignore this frame and yet still continue to try and associate to the access point. Note: The Cisco WLC will ONLY send 1 reassociation frame with a reason code of 17. It doesn’t flood the medium / client with multiple frames.
    It's up to the client to honor this information and move on. But I can tell you from my experience and testing this isn’t always the case.
    By default, 4.2 and 6.x both have a load balancing window of (5). Let's look at an example.
    The window setting controls when aggressive load-balancing starts. With a window setting of five, for example, all clients after the sixth client are load-balanced.
    I know, what is the reason code talk, right. Let's cover this as well. If you dive into the 802.11 frames you will see “Reason Codes”. When a client sees the reason code of “17”, it indicates to the client that the access point is busy and the client should look elsewhere.
    yada yada yada
    I will post the complete paper on my site: my80211.com in the next week or so ...

  • AD password Sync connector .. LOAD Balanced

    We are using AD password sync 9.0.4.x connector with 4 domain controllers. OIM is on 9.1.0.2. Is it possible to configure AD password sync with load balanced Domain Controllers? Users are binding to all domain controllers. Please let me know how to achieve this. I am not able to find any document on this. Thanks
    Akshay

    In password synch the event stream is as follows:
    User changes password on the user's machine
    The user's machine contacts a "suitable" AD domain controller and updates the user password
    The first AD domain controller contacts other AD DCs in order to replicate the change
    At some point the AD DC that contains the OIM password synch client module gets updated
    The AD password synch client module contacts OIM and updates the password in OIM
    Unless you change the OIM AD password synch client you can't have the connection go through a load balancer. According to the connector manual section 2.2 Installing the Password Synchronization Module (http://download.oracle.com/docs/cd/E11223_01/doc.904/e10450.pdf) you can do this at install time but I don't know if it can be done post installation.
    Best regards
    /Martin

  • Wlc unified, load balancing

    removed

    Hello,
    Aggressive load-balancing on the WLC allows the LAPs to load-balance wireless clients across APs in an LWAPP system.
    Please take a look at the following cisco doc which illustrates aggressive load-balancing on the WLC:
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00809c2fc3.shtml

  • Load balancing to multiple anchor controllers

    Checking to see if there is a way to control how the inside controller load balances to 2 anchor controllers.  I was told it's connection by connection, but wasn't sure if it's true, and if that could be changed to a particular hash or something.
    Thanks,
    Jason

    There is no configuration to define what will be the primary or secondary path.  The foreign WLC will determine which anchor it will send the traffic to.
    Thanks,
    Scott
    *****Help out others by using the rating system and marking answered questions as "Answered"*****

  • Wireless clients load balancing on the APs on WLC 4404

    Hi Experts,
    I'm just wondering if the WLC 4404 with firmware 4.2.207.0 can load balance the wireless clients on different WAPs. Let's say that an AP is already handling 15 wireless devices. When the 16th is trying to join, the controller somehow puts it on another nearby AP, even if the signal from this AP is weaker. I heard of a similar feature on other wireless solution vendors. I'm just wondering if Cisco has a similar feature or not.
    Thanks!

    Yes, it is known as aggressive load balancing, sending a code 17 making the wireless client look at another nearby AP.
    Here is the documentation:
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00809c2fc3.shtml

  • Dual wireless/ Load Balancing/ Link Aggregation

    Hi all,
    I've been reading up on this topic all day, with multiple Google and Apple searches, but haven't found the exact answer to this query. There was another post on this forum http://discussions.apple.com/thread.jspa?threadID=1660762 which was vaguely similar.
    Basically I'm looking to experiment with combining 2 wireless connections, and therefore 2 separate internet connections into one Mac.
    I have seen suggestions of using a couple of wireless -> ethernet bridges, since Leopard supports Link Aggregation of ethernet devices. But the first question I have is: since I use a 3rd party wireless adaptor (Netgear wg111v3 USB dongle), it already shows up in Network Preferences as an Ethernet port. Leopard treats it as an actual ethernet device, hence is oblivious to the fact it is a wireless adaptor. Since Leopard thinks it's an ethernet port, could I use a second wireless dongle and then use Link Aggregation on them both?
    Additionally, if that idea were to work, would it then be possible to connect each wireless adaptor to a separate wireless network, or would they both have to connect to the same access point?
    My DSL connection is roughly 512k on a good day, but I find this bandwidth to be choked when someone else at home is streaming videos etc. So in principle my idea was to have one connection using the regular DSL line as usual, plus connect the secondary wireless to my friend's wireless over the road when needed (and yes he's already agreed to my use since he rarely accesses the net). Therefore, giving a total theoretical bandwidth of 512k x2.
    Since I aim for a load-balancing idea (spreading traffic over both connections), the main issue I can foresee is that this Mac will have problems routing traffic with both IPs since I read somewhere else that DNS problems might occur. It seems relatively easy to use Terminal to add a default route for specific destinations (e.g. all traffic to apple.com out of one interface, all traffic to yahoo.com out the other). However, I wondered if web traffic could be forwarded out one connection, whilst email traffic goes through the other. Alternatively, it would be great if web traffic could be "halved" and sent out both wireless connections simultaneously, though I don't think there's an easy way to do this (it would just be a nice feature if possible).
    Your thoughts and advice on the matter would be much appreciated, and I'm going to continue experimenting with various ideas and see what I come up with.


  • Unequal Load Balancing with EIGRP over 4 Wireless networks

    We are trying to load-balance on 4 interfaces that have unequal bandwidths. The setup looks like this
    8 Computers -> Empty Config Switch -> 3560 Router\Switch -> 4x Wireless Radios on different frequencies - networks -> 3560 Router\Switch->Empty Config Switch -> 8 Computers
    We have EIGRP set up and the bandwidths defined, and the routes are showing proper share counts, but once we start adding traffic to the network, they all jump on one of the links. The config and everything looks right, it's just not working. I have tried switching to different cef algorithms. Removed the vlans. I made them equal cost and they did the same thing. It's like EIGRP does not want to load balance.
    When I did this config with static routes or as OSPF, it actually load balanced them, but I'm stuck with a 1:1 share ratio. If I could control the ratio, then that would be an acceptable solution.
    Any ideas on what could be causing this?
    Code:
    Routing entry for 192.168.104.0/24
      Known via "eigrp 10", distance 90, metric 13312, type internal
      Redistributing via eigrp 10
      Last update from 192.168.2.4 on Vlan2, 00:04:25 ago
      Routing Descriptor Blocks:
      * 192.168.9.4, from 192.168.9.4, 00:04:25 ago, via Vlan9
          Route metric is 51712, traffic share count is 31
          Total delay is 20 microseconds, minimum bandwidth is 50000 Kbit
          Reliability 255/255, minimum MTU 1500 bytes
          Loading 1/255, Hops 1
        192.168.5.4, from 192.168.5.4, 00:04:25 ago, via Vlan5
          Route metric is 13312, traffic share count is 120
          Total delay is 20 microseconds, minimum bandwidth is 200000 Kbit
          Reliability 255/255, minimum MTU 1500 bytes
          Loading 1/255, Hops 1
        192.168.3.4, from 192.168.3.4, 00:04:25 ago, via Vlan3
          Route metric is 26112, traffic share count is 61
          Total delay is 20 microseconds, minimum bandwidth is 100000 Kbit
          Reliability 255/255, minimum MTU 1500 bytes
          Loading 1/255, Hops 1
        192.168.2.4, from 192.168.2.4, 00:04:25 ago, via Vlan2
          Route metric is 13312, traffic share count is 120
          Total delay is 20 microseconds, minimum bandwidth is 200000 Kbit
          Reliability 255/255, minimum MTU 1500 bytes
          Loading 1/255, Hops 1
    3560_Switch_1#show int Fa 0/1 | inc packets/sec
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
    3560_Switch_1#show int Fa 0/2 | inc packets/sec
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
    3560_Switch_1#show int Fa 0/3 | inc packets/sec
      5 minute input rate 17111000 bits/sec, 2545 packets/sec
      5 minute output rate 13872000 bits/sec, 2251 packets/sec
    3560_Switch_1#show int Fa 0/4 | inc packets/sec
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
    3560_Switch_1#show ip cef exact-route 192.168.101.57 192.168.104.57
    192.168.101.57 -> 192.168.104.57 => IP adj out of Vlan5, addr 192.168.5.4
    Here is the config.
    Code:
    ip cef load-sharing algorithm universal 00123456
    interface FastEthernet0/1
     switchport access vlan 2
     bandwidth 200000
     delay 1
     spanning-tree portfast
    interface FastEthernet0/2
     switchport access vlan 3
     bandwidth 200000
     delay 1
     spanning-tree portfast
    interface FastEthernet0/3
     switchport access vlan 5
     bandwidth 200000
     delay 1
     spanning-tree portfast
    interface FastEthernet0/4
     switchport access vlan 9
     bandwidth 200000
     delay 1
     spanning-tree portfast
    interface GigabitEthernet0/1
     description USER PORT
     switchport access vlan 100
     spanning-tree portfast
    interface Vlan2
     bandwidth 200000
     ip address 192.168.2.1 255.255.255.0
     delay 1
    interface Vlan3
     bandwidth 100000
     ip address 192.168.3.1 255.255.255.0
     delay 1
    interface Vlan5
     bandwidth 200000
     ip address 192.168.5.1 255.255.255.0
     delay 1
    interface Vlan9
     bandwidth 50000
     ip address 192.168.9.1 255.255.255.0
     delay 1
    interface Vlan100
     description User Data
     ip address 192.168.101.1 255.255.255.0
    router eigrp 10
     maximum-paths 8
     variance 15
     network 192.168.2.0
     network 192.168.3.0
     network 192.168.5.0
     network 192.168.9.0
     network 192.168.101.0

    Yup, that was the first cef algorithm I had tried.   ip cef load-sharing algorithm include-ports source destination
    I tried all of the different types.
    Also, I was sending data through iperf from 4 computers + 1 comp streaming video on one network to 5 computers on another network.  In any case of source or destination, it should have switched over.  The odds of it all going on Vlan 5 is ~ 0.6%   Restarting the router sometimes places it all on a different vlan, but in any case it's all or nothing.

  • Wireless Bridge Load Balancing

    Is it possible to configure two 1300 series bridges at one location, each handling a bridge link to another location to BOTH backup and load balance for each other should one of them fail?

    Hi,
    You can achieve this with quite a few options -
    1) Routing - You can configure the two routes with same AD to achieve Load Balancing and failover. Care should be taken because connectivity between router and bridge would be ethernet and if the radio link fails router would never come to know about this failure and will keep sending the traffic on the failed link. Use SAA probes with ICMP to track the link failure.
    2) You can configure etherchannel between two switches and achieve load balancing + failover.
    >> Sushil

  • Guest N+1 redundancy & load balancing in separate data centers

    I need assistance in acquiring documentation to set up N+1 redundancy & load balancing between two separate guest anchor controllers installed in separate data centers. Can you explain how it should be set up or point me in the right direction for documentation? If you can't point me in the right direction to acquire documentation, can you answer the following questions?
    1) How do I set up my mobility groups on my guest anchor controllers installed in the DMZ? Should both guest anchors be in the same mobility group?
    2) Do both guest anchors share the same virtual IP or do they need to be separate (DMZ01 - 1.1.1.1 / DMZ02 - 2.2.2.2)? I think separate!
    3) Are there any configuration parameters on the guest anchors for load balancing?
    4) Do either one of the guest anchors need to be set up as a master controller? I'm not sure?
    5) Are there any configuration parameters on the foreign controllers for load balancing?
    6) How do I set up my foreign controllers? Should both guest controllers be added to the mobility group on the foreign controller? I would think both of them would be added to the foreign controller mobility group.
    7) Should both guest anchors be added as an anchor on the WLAN? I would think both controllers would need to be added as anchors under the WLAN!
    8) Am I missing anything here? This is how I think it should logically work?
    Thanks,
    Gordon

    I need to elaborate on my questions:
    1) Do both of my guest DMZ anchors need to be in a separate mobility group on their own or can the guest anchors be in completely separate mobility groups? All 100 + foreign controllers are in separate mobility groups.
    I) Example #1: Guest anchor number 1 (Mobility group: DMZ) / Guest anchor number 2 (Mobility group: DMZ)
    II) Example #2: Guest anchor number 1 (Mobility group: DMZ01) / Guest anchor number 2 (Mobility group: DMZ02)
    2) Do both guest anchor controllers have to be configured with separate virtual IP's or do they share the same address?
    I) Follow up to this question: I want to register the DMZ controllers with our DNS servers so that my clients receive a name when authenticating through my customized webauth. I am currently using 1.1.1.1 as the virtual address and I'm pretty sure this is the address I need to register with my external DNS server. My question is this. Does the address I use for the virtual interface matter? 1.1.1.1 is not a valid address with my network. Do I need to assign a valid address registered with my network if I'm going to add this address to my external DNS servers?
    3) No change to my original question.
    4) No change to my original question.
    5) No change to my original question. I have run into Cisco documentation that mentions guest anchor load balancing, but the documentation is very vague. I'd love to be able to load balance as the network group wants to limit my guest traffic to the internet. I could double my pipe if I could load balance the guest anchors.
    6) No change to my original question, but the answer to question one is key to the setup of my foreign controllers.
    7) Elaboration: Should both guest controllers be added as an anchor under the WLAN on the foreign controllers? I would think both of them would be added.
    8) No change:
    9) Should my secondary guest controller be added as an anchor on the WLAN of the primary guest DMZ controller and vice versa?
    Can my Cisco expert answer this or do I need to open a TAC case?
    Thanks,
    Gordon Shelhon
    SR. Wireless Services Engineer
    Company: Not specified

  • To Load Balance or Not to Load Balance? ISE and F5 Big IP

    Currently my team is debating whether to put our two ISE appliances (PSN nodes) behind our F5 load balancing deployment. 
    Our network is relatively small in size (5K users) with a small wireless deployment (4 Cisco controllers with 300 Access points). Network growth should remain relatively minimal over the coming years. 
    We will be rolling out wired Dot1X, followed by posture assessment and remediation. (BYOD is not an option). 
    On one hand, the Big IP features could make it easier for us to perform load balancing, maintenance and troubleshooting. 
    On the other hand, the Big IP adds another element of complexity into an already complex deployment. We already have the capability to load balance from the switches themselves. Load balancing for wireless should not be an issue as our deployment is very small and I expect it to remain so. Given the size of my environment, there seems to be relatively little to gain for the additional effort and potential pitfalls.
    Would anyone care to share their honest opinion on this issue?
    Thanks, 
    Phill

    Load balancers are elegant and do their job nicely when it comes to distributing the load between servers. You already have one so I would suggest using it if you have the technical expertise to configure it.
    With that being said, if your team is not 100% comfortable with F5 then you should definitely skip it. Instead, you can configure your WLCs to use Node #1 as primary and Node #2 as secondary RADIUS server and then your switches to use Node #2 as primary and Node #1 as secondary.
    I hope this helps!
    Thank you for rating helpful posts!

  • Aggressive Load Balancing = unstable network

    Last week we upgraded 26 WLC 4400 controllers from version 5.2.178 to version 6.0.188.0/6.0.196.0.
    Two days after the upgrade, IT administrators had reported problems with 15 of the WLCs.
    The symptoms were:
    - Problems connecting to SSIDs
    - Unstable network when connected
    - Clients didn't get an IP address
    - Unstable signal strength
    After some troubleshooting, it turned out "Aggressive load-balancing" was enabled on the WLCs having these problems.
    Output from one WLC:
    (Cisco Controller) >show load-balancing
    Aggressive Load Balancing........................ Enabled
    Aggressive Load Balancing Window................. 0 clients
    Aggressive Load Balancing Denial Count........... 3
                                                        Statistics
    Total Denied Count............................... 5873 clients
    Total Denial Sent................................ 14067 messages
    Exceeded Denial Max Limit Count.................. 2924 times
    None 5G Candidate Count.......................... 8215 times
    None 2.4G Candidate Count........................ 2331 times
    Yesterday we ran this command on these WLCs:
    config load-balancing aggressive disable
    ...and the problems now seem to have disappeared.
    Aggressive load-balancing is disabled as default in the newest versions of WLC software, but we have upgraded since version 4.0.155.5 (where I think this was enabled as default), and I guess this setting was enabled because of that.
    Some info from cisco.com about aggressive load balancing:
    Aggressive load-balancing works at the association phase. If enabled and the conditions to load-balance are met, when a wireless client attempts to associate to a LAP, association response frames are sent to the client with an 802.11 response packet that includes status code 17. This code indicates that the AP is too busy to accept any more associations.
    It is the responsibility of the client to honor, process or discard that association response frame with reason code 17. Some clients ignore it, even though it is part of the 802.11 specification. The standard dictates that the client driver must look for another AP to connect to since it receives a "busy" message from the first AP it tries. Many clients do not do this and send the association request again. The client in question is allowed on to the wireless network upon subsequent attempts to associate.
    Just wanted to post this in case others are experiencing problems like we did.
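
An added example, not part of the original post and not Cisco tooling: a Python parser for the `show load-balancing` counters quoted above, which works out how many status-17 denials each denied client received relative to the configured denial count. The function names, the finding texts and the 0.25 threshold are assumptions made for illustration.

```python
import re

# Constructed sample: the counters quoted in the post above.
SAMPLE = """\
Aggressive Load Balancing........................ Enabled
Aggressive Load Balancing Window................. 0 clients
Aggressive Load Balancing Denial Count........... 3
                                                    Statistics
Total Denied Count............................... 5873 clients
Total Denial Sent................................ 14067 messages
Exceeded Denial Max Limit Count.................. 2924 times
None 5G Candidate Count.......................... 8215 times
None 2.4G Candidate Count........................ 2331 times
"""

# "Label........ value [unit]": a label, a dotted leader, then the value.
LINE = re.compile(r"^\s*(?P<key>.+?)\.{2,}\s*(?P<value>\S+)")


def parse_load_balancing(text):
    """Return {label: value}; numeric values become int, others stay str."""
    fields = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # e.g. the "Statistics" heading has no dotted leader
        value = m.group("value")
        fields[m.group("key").strip()] = int(value) if value.isdigit() else value
    return fields


def assess(fields):
    """Summarise denial behaviour. The 0.25 threshold is an assumption."""
    enabled = fields.get("Aggressive Load Balancing") == "Enabled"
    denied = fields.get("Total Denied Count", 0)
    sent = fields.get("Total Denial Sent", 0)
    exceeded = fields.get("Exceeded Denial Max Limit Count", 0)
    findings = []
    if enabled:
        findings.append("aggressive load balancing is enabled")
        if fields.get("Aggressive Load Balancing Window") == 0:
            findings.append("window is 0 clients")
    if denied and exceeded / denied >= 0.25:
        findings.append("many denied clients reached the denial limit")
    return {
        "enabled": enabled,
        "denial_cap": fields.get("Aggressive Load Balancing Denial Count", 0),
        "denials_per_client": round(sent / denied, 2) if denied else 0.0,
        "exceeded_ratio": round(exceeded / denied, 2) if denied else 0.0,
        "findings": findings,
    }
```

On the quoted counters this gives about 2.4 denials per denied client against a denial count of 3, which fits the behaviour described in the cisco.com excerpt: clients that retry the same AP instead of moving to another one.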

    Tweak your RF. You need to adjust the TX power and the data rates. The reason you have one AP with 9 clients is probably because that AP has the lowest TX power setting like 7-8. Make each AP the same TX power level, depending on how many APs and how big the room is. You will need to play around with this and the data rates to achieve what you want.
    Here is a guide to look at too
    http://www.cisco.com/web/strategy/docs/education/cisco_wlan_design_guide.pdf
    Sent from Cisco Technical Support iPhone App
