Redundant WLC-5508 Deployment Licensing

I am deploying a redundant WLC-5508. We purchased 2, each with the base license of 50 AP's. After the survey, we determined that we need an additional 9 access points. Do we have to purchase 2 upgrade licenses? If so, can we get them in increments of 5, similar to the 2500 series WLC's?

After the survey, we determined that we need an additional 9 access points. Do we have to purchase 2 upgrade licenses?
Yes. You need to purchase TWO (2) licenses.
Here's the difficulty with your scenario:
For unknown reason, someone in Cisco has determine that, in your case, you have an appliance with 50 bases license and you need to add 9 WAPs. Logic dictates that you could potentially get a 25-base license right? Not in this case. Your minimum license you can get is 100-base license.
Because of this, I would recommend that you raise a TAC Case and potentially get both of the WLC RMA-ed. Tell TAC that you want to get a 25-base license ADDED to both units. (Bringing the total to 75.)
Message was edited by: Leo Laohoo

Similar Messages

WLC 5508 deploy

Hi All,
We have 2 nos wlc 5508, One of them with 12 ap license and other with 25 ap licesce.
Now I am planning to deploy both controller in same subnet and want to associate 10 ap from first and 15 ap from second.
So can any one suggest me about this ? How to configure this type of setup?

Here it is the configuration guide:
http://www.cisco.com/en/US/docs/wireless/controller/5.0/configuration/guide/c5ovrv.html#wpmkr1127538
You can use this guide:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml
The only difference is that you just need to provide to each AP with the name of the WLC that you want it to be linked.

WLC 5508 Evaluation License Expiry

Hi,
I have a customer who wants to do some WLC migration works. They have a spare 5508 (50 License) that they want to use to house their 100+ APs during the migration works as they are temporarily decommissioning the active 5508s. They have asked me whether they can get an extension to the evaluation license (I suggested the eval license may be the best option to get through this with minimal hassle) as they feel 60 days might not be long enough!
Thinking about it I read this in the WLC config guide regarding eval licenses:
"To prevent disruptions in operation, the controller does not switch licenses when an evaluation license expires. You must reboot the controller in order to return to a permanent license. Following a reboot, the controller defaults to the same feature set level as the expired evaluation license. If no permanent license at the same feature set level is installed, the controller uses a permanent license at another level or an unexpired evaluation license."
This suggests that the license will just continue to be active until a reboot? Is that correct, has anybody seen this in action. I have seen this sort of thing before with IOS-XE code where a feature is enabled as evaluation, and once it expires it doesn't stop the feature working, just sends loads of snmp traps complaining about not having the correct license level.
I would be interested if anyone knows what really happens once the eval expires and if the eval license count will remain active until WLC reboot.
Thanks
Rocky

Hi,
I have found another option for this unorthodox scenario. I just as an idea went to see if I could get a demo license for a 5508 I have in our lab (which currently has default eval license on it) from Cisco's license portal. Surprisingly it issued me a eval license, I installed it successfully onto the 5508! I now have 2x eval licenses, so in theory this will work for my customer as he can use this again for another 60 days!
I then thought I'd try again and see how far I can push it :) I then got a message saying:
We are unable to provide you with a license at this time.
You cannot obtain multiple trial licenses for the same UDI.
Ok, that makes sense, but I was able to add another eval on-top of the factory sent one.
What I will do is invoke it and see how it goes, and also I will then get to see what happens after 60 days.
Thoughts welcome.
Rocky

WLC 5508 HA license

Hi,
We have 2 WLC and each WLC have 100 wap license. If we make them into a High availability pair do we get 200 wap licences?
Thanks,

Sorry I didn't understand "In your case 5508 would max out to 500".
We have 2 WLC each have license for 100 LWAP and they are not in HA pair now. When I will join the 2 WLC as a HA WLC, then I will have license for 100 LWAP or both WLC licences will add up and we will have 200 LWAP license in HA WLC
Now if suppose WLC-1 primary fails and we have 200 LWAP attached with it, in this scenario, do the WLC-2 can support the 200 LWAPs?
Thanks

WLC 5508 deployment

Hi All,
Currently we have 40 AP in standalone mode, we want to add a controller in our architecture to enhance coverage and set up a policy for autentication with AD.
I have created a simple test lab with an AP in the lightweight mode and the authentication is fine with a radius server (by using web authentication, 802.1x).
Now, in case of the WLC crashes I want that the process doesn't stop and the data continues to pass through the AP.
After reading some cisco documents, I find the "Flexconnect" which is a solution to configure and control APs in a branch or remote office from the corporate office through a WAN link without the deployment of a controller in each office.
Can I use this mode in our internal office ? Knowing that the goal is to avoid centralization of the traffic on the wlc.
If this mode is not the best could you suggest another please?
Many thanks in advance

Yes you can use FlexConnect mode if you wish. This is an alternative when you have only one WLC. What you should maybe look at is a 5508 HA sku WLC. Thus HA sku WLC doesn't require license so it's cheaper and a good alternative to redundancy. You would only need to purchase licenses for your existing WLC and the HA sku WLC can backup up to the max ap count for that device which is 500.
In the meantime, FlexConnect can work for you, it's just that there are some limitations to FlexConnect than is the AP's were in local mode. You can find that section in the doc you were referencing.
Sent from Cisco Technical Support iPhone App

Redundant WLC 5508

I have one 5508 installed and working for about a year now. I want to install a redundant 5508. How do I configure the controllers? What do I need to do to have them work properly? Any info will help. Thank you.

Run the same code on both controllers, copy the current config from the production controller to the new controller (make sure it's offline). Then reconfigure the interfaces to something else so that there is no IP conflict and setup the HA for the access points and setup the mobility group so that roaming works. I've done this on 4400's so I would imagine it could also be done on 5508's.

WLC 5508 Flex connect

Is there any separate licencse require for centralized WLC 5508 deployment?

agree with Stephan.
No need for addition license. just need to have number of AP license on WLC.
Just for reference:
H-Reap Design and Deployment Guide
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/71250-h-reap-design-deploy.html
H-REAP Modes of Operation Configuration Example
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/81680-hreap-modes.html
Regards

Redundant WLC and ACS deployment

Deployed a project with one WLC 5508, one ACS 1121 and one WCS with 200 APs 1131. Now we required redundency in this design. Is there anyone help me out for this design and configuration.

Hi Muhammad, there are two types of redundancy in the CUWN network. controller and AP redundancy.
since you have only one WLC, the controller redundancy is not possibe. for the lightweight APs, there's automatic self healing from the WLC when one AP goes down. this means that neighbouring APs can detect that one of their neighbors is not alive and they react by transmitting a powerful signal to compensate. I would strongly advise you about strongly deploying a second WLC especially that you have 200 APs. If your WLC crashes, you are out of business for a while !
rate if this helps.

Deployment of WLC-5508 with 2702i-D have performance issue.

Hi Team,
We have centrally deployed WLC-5508 with 50 AP licence along with HA scenario. we have 3 locations.
1- HQ. have 26 AP with POWINJ5.
2- Branch location A- 8 AP with POWINJ5.
3. Branch location B have 8 AP with POWINJ4.
my exception is to achieve that single SSID with dynamic VLAN from group police (NPS). MY HO have 26 AP and those are working in local mode.
and branches are connected through flexconnect mode. and all are working with different-2 NPS.
Now i am facing a problem with this deployment are following.
1- branch A have performance issue.
2- HQ have performance issue.
3- i don't want to go with dedicated NPS for every location.
In order to achieve this deployment i want only single SSID with primary and secondary NPS at my HQ with dynamic VLAN for respective departmental users vlans..
above is my problem and concern. otherwise i am successfully achieving this solution with dedicated NPS with single group policy. but when i am going forward to achieve my expectation that time i am facing authentication issue at my HQ and sometimes am not able to get proper VLAN IPs. at my HQ.
kindly help me in that to understand where I am doing wrong things to achieve my expectation.
Thanks.
Nalin

I am facing 2 different problems.
1st issue- in existing setup we have throughput issue. (while downloading or uploading any data from the internet or Intranet, that time wireless clients are facing slowness of the Speed. and same time when i am trying from LAN i am not facing any issue)
2nd Issue- I want to achieve only single SSID with primary and secondary NPS (AD group is bind with vlan Attributes) with dynamic VLAN for respective departmental users.
for Issue no 2 i have created SSID to achieve the single ssid parameter for every location. in order to achieve i have change all access points mode local to Flexconnect mode after that i have created AP groups location wise and then create flexconnect Groups where i have mapped all the vlan through AAA VLAN-ACL mapping. created interface group and mapped all the vlans in that group.
for more understanding please go through the below mentioned CLI view.
Cisco Controller) >show wlan apgroups
Total Number of AP Groups........................ 4
Site Name........................................ GURGAON-AP-GROUP
Site Description................................. GURGAON-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Pol icy
3 gurgaon-interface Disabled None
--More-- or (q)uit
4 gurgaon-guest Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
GUR-AP-01 2 AIR-CAP2702I-D-K9 f4:4e:05:78:ae:e4 default location 1 IN 1
GUR-AP-05 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b5:18 default location 1 IN 1
GUR-AP-03 2 AIR-CAP2702I-D-K9 bc:16:65:13:71:00 default location 1 IN 1
GUR-AP-07 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:f8 default location 1 IN 1
GUR-AP-06 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:e0 default location 1 IN 1
GUR-AP-08 2 AIR-CAP2702I-D-K9 f4:4e:05:45:78:98 default location 1 IN 1
GUR-AP-02 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b3:2c default location 1 IN 1
GUR-AP-04 2 AIR-CAP2702I-D-K9 f4:4e:05:78:ae:64 default location 1 IN 1
GUR-AP-09 2 AIR-CAP2702I-D-K9 f4:4e:05:80:b4:44 default location 1 IN 1
Site Name........................................ MUMBAI-AP-GROUP
Site Description................................. MUMBAI-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
--More-- or (q)uit
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-7-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:24:d8 7th Floor 1 IN 3
--More-- or (q)uit
FAL-7-AP10 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:18 7th Floor 1 IN 1
FAL-7-AP14 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ad:e8 7th Floor 1 IN 1
FAL-7-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:b0:4c 7th Floor 1 IN 1
FAL-7-AP07 2 AIR-CAP2702I-D-K9 f0:7f:06:30:92:bc 7th Floor 1 IN 1
FAL-7-AP13 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:80 7th Floor 1 IN 1
FAL-7-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:94 7th Floor 1 IN 1
FAL-7-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:e8 7th Floor 1 IN 1
FAL-7-AP12 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:f0 7th Floor 1 IN 3
FAL-7-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:e4 7th Floor 1 IN 1
FAL-7-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:84 7th Floor 1 IN 3
FAL-7-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:b0:14 7th Floor 1 IN 1
FAL-7-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:c8 7th Floor 1 IN 3
FAL-7-AP11 2 AIR-CAP2702I-D-K9 f0:7f:06:30:93:08 7th Floor 1 IN 1
Site Name........................................ MUMBAI-THIRD-FLOOR-AP
Site Description................................. MUMBAI-THIRD-FLOOR-AP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
--More-- or (q)uit
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-3-AP07 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:a4 3rd Floor 1 IN 3
FAL-3-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:94 3rd Floor 1 IN 3
FAL-3-AP11 2 AIR-CAP2702I-D-K9 f4:0f:1b:73:00:74 3rd Floor- Eurek 1 IN 3
FAL-3-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ae:d0 3rd Floor 1 IN 3
--More-- or (q)uit
FAL-3-AP10 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b5:88 3rd Floor 1 IN 3
FAL-3-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:9c 3rd Floor 1 IN 3
FAL-3-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:af:a0 3rd Floor 1 IN 1
FAL-3-AP12 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:fc 3rd Floor- Eurek 1 IN 3
FAL-3-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:28 3rd Floor 1 IN 3
FAL-3-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:f4 3rd Floor 1 IN 3
FAL-3-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:30:92:8c 3rd Floor 1 IN 2
FAL-3-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:30:91:f4 3rd Floor 1 IN 3
Site Name........................................ RAHEJA-AP-GROUP
Site Description................................. RAHEJA-AP-GROUP
Venue Group Code................................. Unspecified
Venue Type Code.................................. Unspecified
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
--More-- or (q)uit
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
5 raheja-interface Disabled None
2 raheja-guest Disabled None
*AP3600 with 802.11ac Module will only advertise first 8 WLANs on 5GHz radios.
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
FAL-RAHEJA-AP04 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:24:1c Near Meeting Roo 1 IN 3
FAL-RAHEJA-AP02 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:37:3c Confrennce Room 1 IN 3
FAL-RAHEJA-AP03 2 AIR-CAP2702I-D-K9 f0:7f:06:30:93:48 Near Confrence R 1 IN 3
FAL-RAHEJA-AP05 2 AIR-CAP2702I-D-K9 f0:7f:06:bf:ae:c0 Near Meeting Roo 1 IN 3
FAL-RAHEJA-AP06 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:a0 Near Server Room 1 IN 3
FAL-RAHEJA-AP01 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b3:20 Reception Area 1 IN 3
FAL-RAHEJA-AP08 2 AIR-CAP2702I-D-K9 f0:7f:06:8d:25:68 USER BAY ROAD si 1 IN 1
FAL-RAHEJA-AP09 2 AIR-CAP2702I-D-K9 f0:7f:06:92:b4:d4 Training Room 1 IN 1
--More-- or (q)uit
Site Name........................................ default-group
Site Description................................. <none>
NAS-identifier................................... Fractal-WLC1
Client Traffic QinQ Enable....................... FALSE
DHCPv4 QinQ Enable............................... FALSE
AP Operating Class............................... Not-configured
Capwap Prefer Mode............................... Not-configured
RF Profile
2.4 GHz band..................................... <none>
5 GHz band....................................... <none>
WLAN ID Interface Network Admission Control Radio Policy
1 group for mumbai Disabled None
2 guest wifi Disabled None
3 gurgaon-interface Disabled None
4 gurgaon-guest Disabled None
5 raheja-interface Disabled None
6 test Disabled None
Cisco Controller) >show flexconnect group summary
FlexConnect Group Summary: Count: 4
Group Name # Aps
Gurgaon-AP 9
HQ-3RD-FLR-AP-GROUP 12
HQ-7THFLR-AP-GROUP 14
Raheja-AP-Group 8
(Cisco Controller) >show flexconnect group detail Gurgaon-AP
Number of AP's in Group: 9
bc:16:65:13:71:00 GUR-AP-03 Joined Flexconnect
f4:4e:05:45:78:98 GUR-AP-08 Joined Flexconnect
f4:4e:05:78:ae:64 GUR-AP-04 Joined Flexconnect
f4:4e:05:78:ae:e4 GUR-AP-01 Joined Flexconnect
f4:4e:05:80:b3:2c GUR-AP-02 Joined Flexconnect
f4:4e:05:80:b3:e0 GUR-AP-06 Joined Flexconnect
f4:4e:05:80:b3:f8 GUR-AP-07 Joined Flexconnect
f4:4e:05:80:b4:44 GUR-AP-09 Joined Flexconnect
f4:4e:05:80:b5:18 GUR-AP-05 Joined Flexconnect
Efficient AP Image Upgrade ..... Disabled
Master-AP-Mac Master-AP-Name Model Manual
Group Radius Servers Settings:
Type Server Address Port
Primary Unconfigured Unconfigured
Secondary Unconfigured Unconfigured
--More-- or (q)uit
Group Radius AP Settings:
AP RADIUS server............ Disabled
EAP-FAST Auth............... Disabled
LEAP Auth................... Disabled
EAP-TLS Auth................ Disabled
EAP-TLS CERT Download....... Disabled
PEAP Auth................... Disabled
Server Key Auto Generated... No
Server Key.................. <hidden>
Authority ID................ 436973636f0000000000000000000000
Authority Info.............. Cisco A_ID
PAC Timeout................. 0
Multicast on Overridden interface config: Disabled
DHCP Broadcast Overridden interface config: Disabled
Number of User's in Group: 0
Vlan :........................................... 203
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 205
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 204
--More-- or (q)uit
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 206
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 207
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 208
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 209
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 210
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 211
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 212
Ingress ACL :................................... None
Egress ACL :.................................... None
--More-- or (q)uit
Vlan :........................................... 216
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 217
Ingress ACL :................................... None
Egress ACL :.................................... None
Vlan :........................................... 218
Ingress ACL :................................... None
Egress ACL :.................................... None
Group-Specific FlexConnect Wlan-Vlan Mapping:
WLAN ID Vlan ID
WLAN ID SSID Central-Dhcp Dns-Override Nat-Pat
(Cisco Controller) >
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 6
WLAN ID WLAN Profile Name / SSID Status Interface Name PMIPv6 Mobility
1 FRACTAL-EMP-MUMBAI / FRACTAL Enabled group for mumbai none
2 FRACTAL-GUEST / FRACTAL-GUEST Enabled guest wifi none
3 FRACTAL-EMP-GURGAON / FRACTAL-GURGAON Enabled gurgaon-interface none
4 GURGAON-GUEST / FRACTAL-GUEST-GURGAON Enabled gurgaon-guest none
5 RAHEJA-EMP-WIRELESS / FRACTAL-R Enabled raheja-interface none
6 TEST-SSID / TEST-SSID Enabled test none
hope this will give you proper understanding.

WLC 5508 Base-Ap-Count License Inactive

Hello,
I have two licenses on a WLC 5508 "base-ap-count permenant 100 Count medium Inactive" and "base-ap-count permanent 150 count medium In Use". Should both the 100 and 150 be added up to make 250? Why is the 100 license inactive? There is no option to make it active.

Here is my status:
show license summary
License Store: Primary License Storage
StoreIndex: 0 Feature: base-ap-count Version: 1.0
License Type: Permanent
License State: Inactive
License Count: 5 / 0 (Active/In-use)
License Priority: Medium
License Store: Primary License Storage
StoreIndex: 1 Feature: wlc-virtual Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: 1 /1 (Active/In-use)
License Priority: Medium
License Store: Primary License Storage
StoreIndex: 2 Feature: base-ap-count Version: 1.0
License Type: Permanent
License State: Inactive
License Count: 10 / 0 (Active/In-use)
License Priority: Medium
License Store: Primary License Storage
StoreIndex: 3 Feature: base-ap-count Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: 15 /15 (Active/In-use)
License Priority: Medium
Both 5 license and 10 license have the dropdown arrow available to delete. Is it ok to delete them?
vWLC came with 5 AP then I added two 5 AP licenses.

Redundancy for WLC 5508 7.1.103

I was trying to setup 2x WLC 5508 follow this instruction , copy config of 1 WLC to another and change the IP address. Then setup HA in global config for all AP
https://supportforums.cisco.com/thread/2036661
Is there a way to confirm fail-over work without turning off the 1st WLC ?
I tried this command on 1 of the AP "show capwap client config"
But it does not show secondary controller config.

Are you sure you don't see primary and secondary controller's IP addresses on the command "show capwap client config"?
If configured, primary, secondary or tertiary WLCs appear on the output of this command like this:
mwarName               WLC1
mwarIPAddress        x.x.x.x
mwarName               WLC2
mwarIPAddress        y.y.y.y
mwarName               WLC3
mwarIPAddress        z.z.z.z
Where, WLC1 is the primary, WLC2 is the secondary and WLC3 is the tertiary.
Note that the listing order determines which one is primary and which is secondary...etc. (first listed is primary, second is secondary..etc).
You double check the output of your command.
You can take Leo's advice about testing HA without reloading the WLC, but you can also check HA per AP basis. Try adding one ACL that prevents specific AP from communicating with the primary WLC and wait to see if it will join the secondary or not.
HTH
Amjad
You want to say "Thank you"?
Don't. Just rate the useful answers,
that is more useful than "Thank you".

WLC 5508 in HA

Hi everyone,
I have a doubt with a scheme of WLC in HA, I hope someone can help me.
I have 6 remote sites and 2 main sites, in coming year at least 3 remote sites will be opened. Each remote site has one WLC 5508, I want to deploy HA for these ones, however I want to know if only I must put other WLC at each remote site? or exists other way in order to deploy a Cisco WLC in Main Site for working like WLC HA for every one at remote sites?
Thanks

1. That is up to you and what you need for redundancy. With that low of licensing and the cost you may just want to buy a 50 count controller and not bother with an HA SKU. (2 could fail)
2. I believe this was back when they were selling HA only SKUs, you couldn't upgrade an HA to a permanent license.
3. Yes, I mentioned that the APs will lose CAPWAP connections. There will be an outage during fail over
4. It will not, N+1 is for redundancy on one.
Some designs with smaller sites use FlexConnect with AP SSO on redundant controllers in a data center, minimizing downtime.There are some caveats though.
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-product-00.html

Converged Access Design Help (Catalyst 3850 and WLC 5508...Mobility Oracle)

Hello,
I am an engineer working with a Cisco Gold Partner in Saudi Arabia. We have a large university as our client where they are constructing a new
building and require our services to build the network infrastructure. Therefore, we are to implement the routing and switching infrastructure as
well as the Wireless solution.
At present, I have no issues in implementing the R&S infrastructure as it is very straight forward but it has implications on the deployment of
the wireless solution which I explain further below. The R&S infrastructure comprises of the typical Core, Distribution, and Access layers and we
are focusing on the local distribution and access switches with regards to the new building. The client has a converged Layer 3 network spanning
from distribution layer to core layer and they are running EIGRP for this convergence. This is not a problem and has already been implemented.
Yet, the challenge arises in deploying the WLAN infrastructure. The client already has a Cisco WLAN infrastructure in place where they have a
large number of LAPs that are registered with their controllers in the Data Center. They have two WLC 5508 where one is the Primary and the other
the Secondary. The local distribution switch to which the WLC are connected also is the gateway for the SVIs for the SSIDs that are configured on
the controllers. This means that once the packets from the AP come in to the WLC, they are tagged with the correct VLAN and sent to the directly
connected distribution switch which then routes it into the rest of the Layer 3 network. Interestingly, the WLC 5508 are running AireOS 7.6 and
support the "New Mobility" feature. The two controllers have formed a Mobility Group (MG) between each other.
Now, the new building will have two Catalyst 3850 switches installed where each one has a total of 40 AP licenses pre-installed and activated
i.e. a total of 80 APs can be supported by the two switches. A total of 67 LAPs will be deployed in the new building which can be accommodated
between the two switches and their integrated controller.
Yet, based on my understanding and research about Converged Access is that, ideally, the Catalyst 3850 will only run the Mobility Agent (MA)
feature while a central controller would provide the Mobility Controller (MC) service. unfortunately, there are not enough licenses on the
existing WLC 5508 nor can we migrate the new licenses that will facilitate such a split deployment.
This means that I would need to configure the two Catalyst 3850 as independent MC and form a MG between them. I have done this and tested this
already and the mobility is working fine. But my concern is not about getting the Catalyst 3850 to work as this is simple but rather it is
focused on creating a common Mobility Domain (MD) so that clients can roam from this new building to the rest of the campus while maintaining the
state of their connections to the WLAN infrastructure.
To make things more complicated, since the new building will have its own Layer 3 distribution switch and the Catalyst 3850 switches will connect
to this distribution switch, it means that new VLANs and SVIs need to be created for the SSIDs broadcast in the new building. This means that new
subnets need to be assigned to the SSIDs.
As such, I have the following questions:
Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means
that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG
as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally seperate WLAN network and follow on to
the solution as per the next question. Please advise which is a better option?
Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can
then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD).
Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
Please advise at your earliest. To assist further, I have attached a topology diagram which may aid in explaining the situation with more
clarity. If these things are clarified, I will be better able to wrap my head around the technology and in turn service my clients better.
Regards,
Amir

Hi Amir,
Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally seperate WLAN network and follow on to the solution as per the next question. Please advise which is a better option?
I would configure them in the same mobility group. Also configure same SPG for those two 3850 stacks if users are frequently roaming within these two buildings.
Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD). Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
MO is not required (it is only for very large scale deployments)
Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
Yes, documents are hard to find :(
These notes may be useful to you based on my experience. I am running IOS-XE 3.6.1 in my production.
http://mrncciew.com/2014/05/06/configuring-new-mobility/
http://mrncciew.com/2013/12/14/3850ma-with-5760mc/
HTH
Rasika
*** Pls rate all useful responses ****

WLC 5508 running 7.4.110.0 unable to tftp upload config from controller

Hi,
Two WLC 5508 running identical code version. One is 50 license Primary, the second is HA. Identical config on both. HA WLC can upload its config to the TFTP or FTP server but Primary cannot. The operation fails for both CLI and GUI and for different protocols i.e. TFTP, FTP.
#### Primary Controller
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.110.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.95.16
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS
System Name...................................... PRODWC7309
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.1.30.210
Last Reset....................................... Power on reset
System Up Time................................... 18 days 18 hrs 51 mins 35 secs
System Timezone Location......................... (GMT+10:00) Sydney, Melbourne, Canberra
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... AU - Australia
Operating Environment............................ Commercial (0 to 40 C)
--More-- or (q)uit
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +34 C
External Temperature............................. +17 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 8
Number of Active Clients......................... 138
Memory Current Usage............................. Unknown
Memory Average Usage............................. Unknown
CPU Current Usage................................ Unknown
CPU Average Usage................................ Unknown
Burned-in MAC Address............................ 3C:08:F6:CA:52:20
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 50
(Cisco Controller) >debug transfer trace enable
(Cisco Controller) >transfer upload start
Mode............................................. TFTP
TFTP Server IP................................... 10.1.22.2
TFTP Path........................................ /
TFTP Filename.................................... PRODWC7309-tmp.cfg
Data Type........................................ Config File
Encryption....................................... Disabled
*** WARNING: Config File Encryption Disabled ***
Are you sure you want to start? (y/N) Y
*TransferTask: Jun 02 10:41:15.183: Memory overcommit policy changed from 0 to 1
*TransferTask: Jun 02 10:41:15.183: RESULT_STRING: TFTP Config transfer starting.
TFTP Config transfer starting.
*TransferTask: Jun 02 10:41:15.183: RESULT_CODE:1
*TransferTask: Jun 02 10:41:24.309: Locking tftp semaphore, pHost=10.1.22.2 pFilename=/PRODWC7309-tmp.cfg
*TransferTask: Jun 02 10:41:24.393: Semaphore locked, now unlocking, pHost=10.1.22.2 pFilename=/PRODWC7309-tmp.cfg
*TransferTask: Jun 02 10:41:24.393: Semaphore successfully unlocked, pHost=10.1.22.2 pFilename=/PRODWC7309-tmp.cfg
*TransferTask: Jun 02 10:41:24.394: tftp rc=-1, pHost=10.1.22.2 pFilename=/PRODWC7309-tmp.cfg
pLocalFilename=/mnt/application/xml/clis/clifile
*TransferTask: Jun 02 10:41:24.394: RESULT_STRING: % Error: Config file transfer failed - Unknown error - refer to log
*TransferTask: Jun 02 10:41:24.394: RESULT_CODE:12
*TransferTask: Jun 02 10:41:24.394: Memory overcommit policy restored from 1 to 0
% Error: Config file transfer failed - Unknown error - refer to log
(Cisco Controller) >show logging
*TransferTask: Jun 02 10:41:24.393: #UPDATE-3-FILE_OPEN_FAIL: updcode.c:4579 Failed to open file /mnt/application/xml/clis/clifile.
*sshpmReceiveTask: Jun 02 10:41:24.315: #OSAPI-3-MUTEX_FREE_INFO: osapi_sem.c:1087 Sema 0x2b32def8 time=142 ulk=1621944 lk=1621802 Locker(sshpmReceiveTask sshpmrecv.c:1662 pc=0x10b07938) unLocker(sshpmReceiveTask sshpmReceiveTaskEntry:1647 pc=0x10b07938)
-Traceback: 0x10af9500 0x1072517c 0x10b07938 0x12020250 0x12080bfc
*TransferTask: Jun 02 10:39:01.789: #UPDATE-3-FILE_OPEN_FAIL: updcode.c:4579 Failed to open file /mnt/application/xml/clis/clifile.
*sshpmReceiveTask: Jun 02 10:39:01.713: #OSAPI-3-MUTEX_FREE_INFO: osapi_sem.c:1087 Sema 0x2b32def8 time=5598 ulk=1621801 lk=1616203 Locker(sshpmReceiveTask sshpmrecv.c:1662 pc=0x10b07938) unLocker(sshpmReceiveTask sshpmReceiveTaskEntry:1647 pc=0x10b07938)
-Traceback: 0x10af9500 0x1072517c 0x10b07938 0x12020250 0x12080bfc
#### HA Controller
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.110.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.95.16
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS
System Name...................................... PRODWC7310
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.1.31.210
Last Reset....................................... Software reset
System Up Time................................... 18 days 19 hrs 1 mins 27 secs
System Timezone Location......................... (GMT+10:00) Sydney, Melbourne, Canberra
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... AU - Australia
Operating Environment............................ Commercial (0 to 40 C)
--More-- or (q)uit
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +34 C
External Temperature............................. +17 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 4
Number of Active Clients......................... 0
Memory Current Usage............................. Unknown
Memory Average Usage............................. Unknown
CPU Current Usage................................ Unknown
CPU Average Usage................................ Unknown
Burned-in MAC Address............................ 3C:08:F6:CA:53:C0
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 500
(Cisco Controller) >debug transfer trace enable
(Cisco Controller) >transfer upload start
Mode............................................. FTP
FTP Server IP.................................... 10.1.22.2
FTP Server Port.................................. 21
FTP Path......................................... /
FTP Filename..................................... 10_1_31_210_140602_1050.cfg
FTP Username..................................... ftpuser
FTP Password..................................... *********
Data Type........................................ Config File
Encryption....................................... Disabled
*** WARNING: Config File Encryption Disabled ***
Are you sure you want to start? (y/N) y
*TransferTask: Jun 02 10:51:31.278: Memory overcommit policy changed from 0 to 1
*TransferTask: Jun 02 10:51:31.278: RESULT_STRING: FTP Config transfer starting.
FTP Config transfer starting.
*TransferTask: Jun 02 10:51:31.278: RESULT_CODE:1
*TransferTask: Jun 02 10:52:05.468: ftp operation returns 0
*TransferTask: Jun 02 10:52:05.477: RESULT_STRING: File transfer operation completed successfully.
*TransferTask: Jun 02 10:52:05.477: RESULT_CODE:11
File transfer operation completed successfully.
Not upgrading to 7.4.121.0 because of bug CSCuo63103. Have not restarted the controller yet.
Any one else had this issue ? Is there a workaround ?
Thanks,
Rick.

Thanks Stephen, In my deployments of 7.4.110.0 version I have not seen this issue so may be controller reboot will fix it (we do have HA to minimize the impact). I will keep the thread updated with findings and may request TAC for the special release 7.4.121.0 if the still not happy with 7.4.110.0
Rick.

WLC 5508 in HA pair (7.4.121.0) sudden reload

I have a pair of WLC 5508 in HA pair running version 7.4.121.0, last week I have two sudden reload on my active WLC. Here's the error from my syslog server on the first sudden reload. The second reload has almost the same logs.
10.x.x.234 - active
10.x.x.237 - standby
2014-01-30 17:52:20 Local0.Error 10.x.x.237 WLC-HA01: *rmgrMain: Jan 30 17:52:24.498: #RMGR-3-RED_HEARTBEAT_TMOUT: rmgr_main.c:242 rmgrTmoHeartbeat: Recved GW ping count 6 phyMgr ping count 0.
2014-01-30 17:52:20 Local0.Emerg 10.x.x.237 WLC-HA01: *rmgrMain: Jan 30 17:52:24.555: #RMGR-0-RED_HA_RELOAD: rmgr_utils.c:198 System reboot: reason: category Sanity check object Self
2014-01-30 17:52:21 Local0.Emerg 10.x.x.234 WLC-HA01: *rmgrMain: Jan 30 17:52:24.989: #RMGR-0-RED_HA_RELOAD: rmgr_utils.c:188 System reboot: reason: category Peer reload req object Peer
2014-01-30 17:52:21 Local0.Alert 10.x.x.234 WLC-HA01: *dtlArpTask: Jan 30 17:52:25.106: #DTL-1-IP_CONFLICT_DETECTED: dtl_net.c:4857 Network device with mac addr 7c:ad:74:8d:6b:0f using IP address of local interface
Cisco TAC recommends to disable monitoring the default gateway.
--> config redundancy management-gateway-failover disable
I was wondering if someone has the issue with what I have.
Second issue I have is when it fails over to the standby WLC, I do get a web-auth certificate error from the WLC when clients login. This only happens after a sudden reload. If I do a redundancy force-switchover during maintenance window, the certificate error doesn't show up. To fix the certificate error I have to bounce both WLCs one after the other.
Thanks in advance.

Hi,
I exeprienced a reload problem in standby WLC, with HA in release 7.6.100.0.
I use a dedicated VLAN to transport the redundancy sync and info, 'cause the two WLCs are in different buildings.
The standby WLC reload continuously 'cause it doesn,t find the default gateway.
(Cisco Controller-Standby) >show redundancy summary
            Redundancy Mode = SSO ENABLED
                Local State = STANDBY HOT
                 Peer State = ACTIVE
                       Unit = Secondary - HA SKU (Inherited AP License Count = 500)
                    Unit ID = 00:06:F6:DB:E3:E0
           Redundancy State = SSO (Both AP and Client SSO)
               Mobility MAC = 58:8D:09:CD:81:C0
Management Gateway Failover = ENABLED (Management GW failover would be operational in few moments)
Average Redundancy Peer Reachability Latency = 621 usecs
Average Management Gateway Reachability Latency = 0 usecs
Redundancy Management IP Address................. 40.231.36.6
Peer Redundancy Management IP Address............ 40.231.36.5
Redundancy Port IP Address....................... 169.254.36.6
Peer Redundancy Port IP Address.................. 169.254.36.5
Rebooting as default GW is not reachable from Standby Controller
Restarting system. Reason: Default Gateway is not reachable ..
The problem is that the WLC tries to ping the DGW using the primary IP management address belonging to the active WLC, so we have duplicated IP problem, ARP problem and so on .....
The standby WLC should use the redundancy managemet address to ping the default gateway, instead the primary IP management address!!!!!!
So the workaround is the CLI command :
config redundancy management-gateway-failover disable
on the primary WLC, via console or in SSH.
When the standby will reload it will inherit the config from the active primary WLC
(Cisco Controller-Standby) >show redundancy summary
            Redundancy Mode = SSO ENABLED
                Local State = STANDBY HOT
                 Peer State = ACTIVE
                       Unit = Secondary - HA SKU (Inherited AP License Count = 500)
                    Unit ID = 00:06:F6:DB:E3:E0
           Redundancy State = SSO (Both AP and Client SSO)
               Mobility MAC = 58:8D:09:CD:81:C0
Management Gateway Failover = ENABLED (Management GW failover is disabled as it is DISABLED on the Peer)
Average Redundancy Peer Reachability Latency = 666 usecs
Average Management Gateway Reachability Latency = 0 usecs
Redundancy Management IP Address................. 40.231.36.6
Peer Redundancy Management IP Address............ 40.231.36.5
Redundancy Port IP Address....................... 169.254.36.6
Peer Redundancy Port IP Address.................. 169.254.36.5
The workaround works in my experience.

Redundant WLC-5508 Deployment Licensing

Similar Messages

Maybe you are looking for