N+1 redundancy and different mobility groups

Similar Messages

• HA N+1 and Mobility Groups

  Hi all,
  One question, can I have 2 WLC's on different Mobility Groups pointing to the same HA N+1 WLC which is located in one of those Mobility Groups?. I have not seen any note about this on the Cisco documentation I have checked.
  thanks

  From 7.4 onwards AP can fail over to a WLC even they are in different mobility group. So I think this set up should work without any problem.
  http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED_chapter_01110011.html
  http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_HA_Overview.html
  HTH
  Rasika
  *** Pls rate all useful responses ****

• Assigning Mobile Group to a User

  I plan to use the <i>Mobile Group</i> filter for a SyncBO, to avoid too large data volumes on clients - BUT I find it very hard to administer through MEREP_PD and impossible to assign a user to a mobile group in advance of application deployment.
  We are dealing with approx. 30 users and they should be allocated to 6 different Mobile Groups. Is there a way to allocate Users to Mobile Groups in advance of application deployment ?
  Thanks.
  Lars

  after creating user in OID (which creates a user for portal also) You shold run the procedure in the portal schema:
  PROCEDURE setdefgroup (
  p_username varchar2,
  p_groupname varchar2) IS
  v_group_id number;
  BEGIN
  v_group_id := WWSEC_API.GROUP_ID
  (p_name => upper(p_groupname));
  wwsec_api.set_defaultgroup
  (p_groupid => v_group_id,
  p_username => upper(p_username));
  END;
  to asign the default group to a user.

• Mobility group membership

  I have 4 WLC's deployed :
  1. AnchorWLC - WLC4402 anchor in a DMZ for guest access
  2. WLCA1 - WLC4402 on SiteA
  3. WLCB1 - WLC2006 on SiteB
  4. WLCB2 - WLC2006 on SiteB
  SiteA & SiteB are geographically separated.
  On all WLC's there is the same mobility group 'group1' with the following group members:
  1.on AnchorWLC: group1 members:WLCA1,WLCB1,WLCB2
  2.on WLCA1: group1 members: anchorWLC
  3.on WLCB1: group1 members: WLCB2,anchorWLC
  4.on WLCB2: group1 members:WLCB1,anchorWLC
  As SiteA and SiteB are geographically separated I have not included internal(non-anchor) WLC's that are on siteA in the mobility group created on WLC's on SiteB and vice versa . The only WLC that has all controllers added to his mobility group is the AnchorWLC as guest access is needed from both siteA and siteB.
  Is this a valid config(anayway it is working...) or is it recommended to have 2 different mobility groups, one for each site(A & B) and create 2 seperate mobility groups on the anchorWLC ?

  I would recommend going for two separate mobility groups. Even though it is working since it is geographically separated, its always better to have different mobility groups.

• Mobility Group Requirements for Guest Anchor WLC

  Hello -
  I've alway assumed you can't create a guest tunnel between a local WLC and an anchor WLC that are in different mobility groups.   However, I was told recently (without much detail) that this is possible.  So I have set out to test this.  
  I am trying to point one of my local WLCs guest SSIDs to a guest anchor WLC in a different mobility group.   I have a maintenance window coming up and I am looking to anchor the clients on one campus to the anchor WLC on the other campus so guest service does not go down.   Each campus is it's own mobility group.   In trying to set this up I went to the "mobility anchors" screen for the guest SSID on one of the local WLCs and I am unable to add the anchor WLC from the other campus because it's non in the drop-down menu.  This is because it's not in the same mobility group.   So my question is how do I anchor clients coming through a local WLC in one mobility group to an anchor WLC in another mobility group?
  To me it doesn't seem possible without significant configuration changes.   I don't want to reconfigure/recreate mobility groups. 
  Thanks
  Chuck

  Not only is it possible, I would recommend it. However, you may be confusing some concepts.
  The Mobility Group is different than the Mobility Domain.  I generally refer to the Mobility Group as those WLCs with the same Default Mobility Group Name, and the Mobility Domain as the entire Mobility List (where you can define up to 72 controllers from various mobility groups).
  The point is that if WLCs 1-10 are GroupA, and WLCs 11-20 are GroupB, for anchoring to work you at least need to add the anchor to the mobility list of the foreign wlc, and vice versa.
  If you notice, when you add a mobility entry to the list, it should ask you for mobility group. If you leave it blank, it should default to that of that WLC,  but on GroupA controllers, you could define GroupB controllers (and specific GroupB) and then you should now have mobility established between your controllers and the Anchor configuration will have your anchors in the drop-down....
  Does that make sense?

• Wireless Mobility Groups - Concerns...

  Hi,
  I recently set up two wireless controllers (2000 series) with a total of 7 access points. The first controller was already running with a total of 5 ap's. I fired up the second controller, and got everything configured and added one access point to it. Everything was running fine yesterday, I had a few clients on the new controller and the rest on the old one. When I got in this morning and checked out the new controller, I saw that all of the access points had moved over to the new controller, and by extension all of the clients. The old controller now has nothing on it as far as ap's or clients. Is this supposed to happen? I didn't know mobility groups shifted over ap's as well? My only concern is that I have one more ap to set up which will make seven and the 2000 only supports 6 ap's. When I fire it up, will one of the ap's move back to it's original controller? Any input is appreciated. Thank you.

  Hi Tate,
  Have a look at this info which may help;
  AP Fail-over Between Different Mobility Groups
  From this good Troubleshooting doc;
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml#APfail
  Hope this helps!
  Rob

• WLC4402 mobility group for failover

  Anyone know what the return time is for an AP to jump back to the primary controller from the secondary controller once it comes back online? I have a backup controller over a WAN connection that I'm using to backup four different locations. WLC is runnign 3.2.78 code. APs are 1000 series.

  We're trying to figure this out as well; we have a WiSM, and try to get the APs to fail over from one side to the other. They do, but it takes them a good 30 seconds and obviously no traffic is passed during this time. Both controllers share a mobility group, and each mobility group peer can ping the other.
  The APs are converted 1131AGs an 12xx series. We've used http://www.cisco.com/warp/public/102/wlc_failover.pdf to set this up, but there reregistration is hardly immediate, and the APs don't seem to ever switch back to the primary controller once it comes back up. Any suggestions?

• WiSM redundancy, mobility groups and RF groups

  Hi there
  we would like to implement the following:
  - Support for about 2000 LAP's
  - 1 x Catalyst 6509
  - 1 x Sup 720
  - 7 x WiSM's
  What I'm interesting is are the following points:
  1. I thought that we would build the switch completly redudant, so we have to wlan switches (switch A and B) with 7 WiSM's eatch. So I can garanty a N+N redundancy --> each LAP's has a primary controller on switch A and it's secondary controller on switch B. The LAP's can be splitted on the two switches, but for your understanding there is a 1:1 redundancy. What do you think of this design, is the too much or is this appropriate?
  2. As I know you can build up a mobility group of a maximum of 24 controllers or 12 WiSM's. I would put only these controllers in a mobility group, where Layer 2 roaming can occure.
  3. But what is about the RF groups - there is a maximum of 1000 LAP's, so I can put only 3 WiSM's in one group. But this would not work form me, then I would have 2 WiSM's on switch A and only 1 WiSM on switch B in a RF group (not a 1:1 redundancy). First is it possible to put WiSM-A and WiSM-B into different RF groups, I think so because they are logically splitted, aren't they?
  And what RF group design would be best (just as a reference)? I thought that it would make sense to form a RF group for each of the seven pairs (1 WiSM on switch A and 1 WiSM on switch B) for redundancy? What do you think of that approach?
  4. So I would have 1 mobility group and 7 RF groups. Or do you recommend to form the mobility groups like the RF groups? But what happens with Layer 2 roaming in that case?
  I'm sorry for the long and messy text, but I hope you can see my design questions?
  Thanks a lot in advance.
  Dominic

  It sounds like you already have some good replies. Personally I like N+1 redundancy, but that is a designers choice. One thing I should point out is that the 6500 can only support 5 WiSM cards each. In this case a 4 WiSM x 3 chassis option would give your more spare capacity with only 12 total cards. The lower WiSM cost (12 vs 14) would help offset the cost of the extra chassis. You could also support 2400 APs with 8 WiSM cards even if one switch is down.
  Not too long ago Cisco added the ability to set the priority of APs so your critical ones would join a controller and the less critical ones would go down if a controller failed and there were no redundancy. That is something to keep in mind when designing wireless. You may not need redundancy for all APs and that could affect your design and costs.
  Randy

• WLC 5508 and mobility groups

  Hi,
  We are using 2 WLC 5508 running 7.0.98.0 sw (AP's are 1142) at our primary site. They are hosting 3 different WLAN/SSID's, one for guest and the
  other 2 are for corporate access. We have put the WLC's in a mobility group, say "AAAA".
  Now we have the need for our UK peer site to publish a corp WLAN that exists in UK - at our site, and when trying to configure for that (following the c70cg.pdf) - I put the WLC's for UK in a new mobility group, say "BBBB". But i can't add our WLC's into that mobilty group
  (i get a duplicate mac address message).
  What's the correct way of configuring this, does all WLCs need to be in the same mobility group?
  Is there some reason why we can't have 2 mobility groups? Is there any upside/downside to configuring 2 mob. groups?
  Any clearification would be greatly appreciated
  BR
  //Mikael

  I think you are misunderstanding , so far what you did on your local swedish site is correct. Your two swedish WLCs have to be in their own same mobility group so you can give seamless roaming to your wireless users across your swedish area without interruption.
  On a WLC mobility group config page, you can have only one entry  per WLC, this is why you are getting the duplicate error message.
  WEBGUI - CONTROLLER - MOBILITY MANAGEMENT - MOBILITY GROUPS
  If you want to put your 4 WLCs so they exchange mobility messages, the following has to happen on all 4 WLCs.
  xx:xx:xx:xx:xx:xx  192.168.1.1  uk
  yy:yy:yy:yy:yy:yy 192.168.1.2 uk
  zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
  aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
  Note when you add WLC on the mobility section, the WLC start sending messages to each like, hey i have this client and you have that client and so on. But this has nothing to do with what you are trying to achieve.
  With regards to the execs that are coming, yes, replicate the SSID and point it to the Radius Server they have in UK, add your swedish WLC(s) as a NAS on the Radius Server and it should work as if they were in UK. that should be enough and i advise you to do the following for mobility groups config.
  on the two UK WLCs
  xx:xx:xx:xx:xx:xx  192.168.1.1  uk
  yy:yy:yy:yy:yy:yy 192.168.1.2 uk
  on the two Swedish WLCs
  zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
  aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
  hope i cleared it out for you. greeting from cold Belgium tonight :-) and hope the execs will enjoy Sweden!

• WLC 4400 - Different minor versions same mobility group?

  Hi all,
  i have 2 WLC 4400 integraded in 3750G.
  One has 6.0.202 and the other 6.0.188.
  They are in different places but now i want to put them in the same mobility group.
  Will this difference be a problem?
  BR
  Anthony

  Yes it will be an issue. You have to remember that the AP gets it firmware from the WLC image. So if an AP has to mi e from one to the other, it will either upgrade or downgrade each time. Best practice is to keep the firmware the same.
  Sent from Cisco Technical Support iPhone App

• WLC 7.4.100.0 Mobility group control and data path down

  Hi All,
  Today i am facing issue with mobility group. i checked and found  control and data path is down on foreign controller.I am able to ping anchor controller. Required ports are open on firewall but mping and eping fails. Any idea whats wrong. On Anchor controller, i have 7 foreign controller configured and among these 3 are working fine. Having problem with 4 foreign controller. Previously all are working fine and there is no changes made on network or firewall.            

  Post output of "show mobility summary" of your Anchor WLC & a non-working WLC. Also "show sysinfo" of those two controllers.
  Regards
  Rasika

• Mobility group between controller 4400 and virtual wlc

  Hello everybody...
  I read the configuration guide about the 7.3 release. And I figured out that you will need a hash key for establishing a mobility group relation between a controller and a virtual controller. The 7.3 release for the 5500 series works fine for me.
  But the latest release 7.0.235.0 for the wireless lan controller series 4400 does not have a functionality to add a hash key while creating a new mobility group member.
  The command "config mobility group member hash" is totally missing.
  Does anybody have an idea how to establish a mobility group between a 4400 controller and a virtual then?
  Best regards,
    Sebastian Wieseler

  The vWLC is out since yesterday.
  We installed it in our lab and the deployment guide is out now, too.
  Anyway... the hash is "god-given" in the vWLC. I can't change it to "none". So it is quite mandatory to enter a hash in the 4400 controller otherwise it just do not pair. So I am unable to establish a mobility group.
  Any other ideas?

• WLC mobility group between 4404 and 5508 controllers

  Mobility 'Control and Data Path Down' between 4404 and 5508 WLC's.
  Hello, we have 5 x 4404 WLC's running 7.0.240.0 with mobility configured fine between them.
  We have installed a 5508 with HA running 7.4.110.0, and have tried to add it to the mobility group, however we see 'Control and Data Path Down' between the new 5508 and all the 4404 controllers.
  All controllers have:
  The same virtual address
  Management interfaces are in the same VLAN, and indeed all the controllers connect via the same pair of 3750X stacked switches.
  The default mobility domain name is the same
  4404 output when issung the command 'show mobility summary'
  Symmetric Mobility Tunneling (current) .......... Enabled
  Symmetric Mobility Tunneling (after reboot) ..... Enabled
  Mobility Protocol Port........................... 16666
  Default Mobility Domain.......................... SGH-Mobility
  Multicast Mode .................................. Disabled
  Mobility Domain ID for 802.11r................... 0xe209
  Mobility Keepalive Interval...................... 10
  Mobility Keepalive Count......................... 3
  Mobility Group Members Configured................ 6
  Mobility Control Message DSCP Value.............. 0
  5508 ouput when issueing the command 'show mobility summary'
  Mobility Architecture ........................... Flat
  Mobility Protocol Port........................... 16666
  Default Mobility Domain.......................... SGH-Mobility
  Multicast Mode .................................. Disabled
  Mobility Domain ID for 802.11r................... 0xe209
  Mobility Keepalive Interval...................... 10
  Mobility Keepalive Count......................... 3
  Mobility Group Members Configured................ 6
  Mobility Control Message DSCP Value.............. 0
  I've spent quite some time double checking all the configurations to no avail.
  Has anybody seen this problem before?
  Kind regards
  Dave Bell

  Thanks Sandeep.
  I am well versed with WLC's and mobility, however trying to add a 5508 to a mobility group with 4404's has come up with a bit of a curve ball.
  All the 4404 controllers all joined the mobility group fine, no problems at all - its only the 5508 I am struggling with.
  In theory its simple, populate the IP address, and MAC addres of the management interface of the remote WLC, as long as the management interfaces are in the same VLAN, and the Default Mobility Domain Name are the same it should come up.
  Interestingly I have found the 5508 reports its own management interface MAC address incorrectly when viewing the Mobility Groups:
  For example:
  {Screen shot WLC1.jpg}
  5508 management address is 10.95.x.x and when viewing the Mobility Management screen it shows its own MAC address as bc:16:65:f9:37:60.
  however!
  From our router is I do an sh arp | i 10.95.x.x (controller management address), I see:f872.eaee.becf.
  {Screen shot wlc2.jpg}
  Hence the WLC reports as: bc:16:65:f9:37:60
  and
  The network reports as: f872.eaee.becf for the same IP address.
  I have changed the other WLC's to the MAC adress seen on the network for the new controller, aka changed from
  bc:16:65:f9:37:60
  to
  f8:72:ea:ee:be:cf
  I now see the controllers reporting the mobility with the new controller as 'Control Path Down', however I am at a loss as to what may be causing this?
  Kind regards
  Dave Bell

• Cisco 526 WLC and 2106 WLC in one Mobility Group

  Hi,
  is it possbile to build a solution with one Cisco 526 Wireless Express Mobility Controller and one Cisco 2106 Wireless LAN Controller in one Mobility Group regarding seamless roaming??
  Thank for your answers
  Best regards
  Stephan

  I don't know if it is possible, but I would think if you had any issues, TAC wouldn't support it. Try opening a case with TAC to see.

• Mobility groups and MAC filtering

  We have a 4402 controller and we are doing MAC filtering. We have reached the default number of MAC addresses, 512. It has been recommended that we add an additional controller instead of increasing this past the default. Three questions:
  1. Is there an increased (enough to impact performance) load placed on the WLC if the limit of MACs is increased, say to the max of 2048?
  2. If we add an additional controller, configured in a mobility group, how do we configure the MAC filter to load balance? Or do we have to configure the same MAC table on both controllers? Which leads to....
  3. Is there a benefit to adding another controller as far as MAC filtering is concerned?

  As it stands, you would need to manually replicate internal mac filtering database between two controllers, so you're not gaining much with the second controller. As regards to increasing database size and what effects it will have, I don't have an educated answer for you, sorry.
  Regards,
  Roman