WLC-4402-50 load balancing
Hello,
I am about to migrate from a stand alone infraestructure to a WLC supported WLAN. I'll install a 4402-50 and I have a question regarding the AP-manager interfaces.
I read that each port supports up to 48 APs being 25 the best practice and that the APs will decide to which port they'll connect depending on which one has less APs connected. Well I wonder what would happen if I connect one of the ports to another fiber-optic link and the other one to a 100 Mbps copper link?
Thank you.
Ok, thanks I was looking at the same document it's just that I didn't find an explicit phrase that says "it's not possible, that it does not negotiate lower speed". I was looking at page 3-4.
Thanks a lot.
Similar Messages
-
WLC Radius Server Load Balance
Hi,
Can someone provide me detailed description on how WLC Radius Server Load balance works.
Becuase, I encounted a problem of User Authenticated with the 1st Radius Server, but Accounting Records are actually on 2nd Server .
Any response will be very appreciated
-AngelaHi Angela,
I pasted below the part of config guide explaining the different modes. In summary :
-Fallback off means : when 1st radius server shows dead , WLC moves to the second. And will only change again when the 2nd is dead too.
-Passive means : whent 1st radius is dead, WLC moves to the second. If there is a new authentication coming in, it will try the 1st radius server again
-Active means : WLC constantly sends radius probes to detect when primary is back up.
config radius fallback-test mode {off | passive | active}
where
•off disables RADIUS server fallback.
•passive causes the controller to revert to a server with a lower priority from the available backup servers without using extraneous probe messages. The controller simply ignores all inactive servers for a time period and retries later when a RADIUS message needs to be sent.
•active causes the controller to revert to a server with a lower priority from the available backup servers by using RADIUS probe messages to proactively determine whether a server that has been marked inactive is back online. The controller simply ignores all inactive servers for all active RADIUS requests. Once the primary server receives a response from the recovered ACS server, the active fallback RADIUS server no longer sends probe messages to the server requesting the active probe authentication. -
I am trying to understand how the load balancing threshold is calculated but I am finding conflicting information, even withing Cisco's own documentation. I would be grateful if anyone could help.
Cisco's latest Wireless LAN Controller Configuration Guide for software release 7.0.116.0 (April 2011) contains the following information for configuring Wireless > Advanced > Load Balancing Page (emphasis mine):
In the Client Window Size text box, enter a value between 1 and 20. The window size becomes part of the algorithm that determines whether an access point is too heavily loaded to accept more client associations:
load-balancing window + client associations on AP with highest load = load-balancing threshold
In the group of access points accessible to a client device, each access point has a different number of client associations. The access point with the lowest number of clients has the lightest load. The client window size plus the number of clients on the access point with the lightest load forms the threshold. Access points with more client associations than this threshold is considered busy, and clients can associate only to access points with client counts lower than the threshold.
Option 1
The formula shown is correct (load-balancing window + client associations on AP with highest load = load-balancing threshold). If so, this would mean that if you had a window size of 5 and the AP with the highest load at the time of calculation was 15, the threshold would be 18. However, as no APs have 18 associations then this threshold would never be reached. Even if an AP reach 18 associations, the next client trying to associate would trigger another calculation for the threshold which would be 21 (3 + 18) and so still, this threshold would never be hit.
Option 2
The description in the paragraph below is correct (The access point with the lowest number of clients has the lightest load. The client window size plus the number of clients on the access point with the lightest load forms the threshold). This sounds much more sensible to me. In this case, the window size was 3 and the AP with the lowest number of associations already had 7 clients associated, the load balancing threshold would be 10 i.e. no load balancing would occur until a client tried to associate with an AP which already had at least 10 clients associated.
Option 3
I have seen many descriptions on forums etc of the load balancing threshold being essentially the Client window size, i.e. if the client window size is 3 then load balancing will kick in when a client tries to associate to an AP with at least 3 clients already associated. This doesnt match the above documentation unless the AP with the least number of clients associated doesnt have any associated clients i.e. 0 clients.
Questions
I think Option 2 is the correct description of load balancing and the formula given stating use of the AP with the highest load is a typo (albeit still not corrected in the latest documentation). Am I correct?
The problem with using the option 2 method of calculating the load threshold is that you will be unnecessarily performing load balancing in an environment where some of your APs do actually have zero clients associated, unless you set the window size to somehing close to 10.
I read here http://www.perihel.at/wlan/wlan-wlc.html#aggressive-load-balancing that when calculating the load threshold, it only accounts for the 8 'best' APs for a given client. In other words, if you have 60 APs on your campus but only 20 are visible to the client, the controller will only perform its load threshold calculations bases on the 8 APs which have the best signal to the client. This would ,ake sense as there is no point setting a load threshold based on the lightest loaded AP which is not even within 'reach' of the client. Is this correct as I can not find any other documentation which supports this?
Thanks in advance for your help with this.Interesting, the config guide contradicts itself in the same paragraph..... I thought maybe we had two different documents with different explanations. I don't see any open documentation bugs asking to correct this, but I swear I've heard discussion on this in the past.......
First off: Option #3 was the "old way". I think it changed in 6.0. If you had a threshold of 5, then as soon as you had 5 clients on an AP it would reject the association (3 times and then let them on the 4th attempt). Now its a sliding window/scale.
Option #1 I think is completely wrong. As you described, how in the world would you ever surpass the threshold if the highest AP + the window is what you have to beat to load-balance....? RIght, that just doesn't make any sense to me.....
Option #2, the way you explain it is correct to my understanding...
Your question #3 is also correct (not sure if it is Top 8 or based on an RSSI threshold though.)
The idea is that you don't want some AP in a remote office with 0 clients being your starting point. So I believe that it is based on the top X candidate for your client. If your client has 4 viable candidates (lets just say -70 or better), and one of those APs has 5 clients and the rest have 15, I'd expect loadbalancing to try to get you to the 5 client AP if your window size was ~10...... something like that anyhow... -
WLC Voice Audit - Aggressive Load Balancing on WLAN not disabled
I am running v6.0.196 on 2 WLCs. Aggressive Load Balancing is disabled globally via WCS. (Configure / Controller / General / Aggressive Load Balancing = Disabled). When running the Voice Audit Tool against the VoWLAN, I receive the following:
"Aggressive Load Balancing on WLAN not Disabled"
I am unable locate the command or the screen to actually disable this on an individual WLAN. Is this perhaps a code glitch?
-RobertThis is not available on the WCS. I was able to locate this on the individual WLCs.
But thanks for pointing me where to look nonetheless!
-Robert -
LWAPP-3-REPLAY_ERR and load balancing issue
Guys, I was trying to troubleshoot this error in my WLC
Nov 24 00:30:01 wlc1: *spamApTask5: Nov 24 00:30:01.883: #LWAPP-3-REPLAY_ERR: spam_lrad.c:35169 The system has received replay error on slot 0, WLAN ID 1, count 1 from AP 08:d0:9f:23:4f:e0
I did some search and I was trying to check if there was any replay attack in the network but I don't know where to start and kept searching for other reasons, and got an anwser in other blog. And this issue could be related to a Load-balancing config.
Eventhough,I've got Load-Balancing disable in all my WLAN's but still got these counters. How can I check if those are false positives?
(wlc-1) >show load-balancing
Aggressive Load Balancing........................ per WLAN enabling
Aggressive Load Balancing Window................. 10 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 17682 clients
Total Denial Sent................................ 30891 messages
Exceeded Denial Max Limit Count.................. 5032 times
None 5G Candidate Count.......................... 206270 times
None 2.4G Candidate Count........................ 5040 times
In the GUI the Load-Balancing is DISABLED per WLAN.yes, even I've upgraded my entire campus to 1702i and 2702i lightweight AP's with 8.0.115.0 code in my WLC I still got huge amount of LWAPP Replay Erros, please check the summuary of erros during yesterday..
14 APF-1-CONFLICT_IN_ASS_REQ: apf_80211.c
14 APF-3-CHECK_EXT_SUPP_RATES_FAILED: apf_utils.c
14 APF-3-CHECK_SUPP_RATES_FAILED: apf_utils.c
15 APF-3-NO_FRAMED_IP_ADDRESS: apf_radius.c
638 APF-3-VALIDATE_DOT11i_CIPHERS_FAILED: apf_rsn_utils.c
103 DOT1X-3-AAA_AUTH_SEND_FAIL: 1x_aaa.c
2427 DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c
55 DOT1X-3-AUTHKEY_TX_TRANS_ERR: 1x_kxsm.c
20 DOT1X-3-CLIENT_NOT_FOUND: dot1x_msg_task.c
1365 DOT1X-3-INVALID_REPLAY_CTR: 1x_eapkey.c
69 DOT1X-3-INVALID_WPA_KEY_MSG: 1x_eapkey.c
296 DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c
2 DOT1X-3-INVALID_WPA_KEY_STATE: 1x_eapkey.c
923 DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c
7 DTL-3-ARP_CLIENT_IP_DUPLICATED: dtl_arp.c
2 IPV6-3-CREATE_BINDING_FAILED: ipv6_net.c
2 IPV6-3-ORPHAN_ADDR_LEARNING_FAILED: ipv6_net.c
2 LOG-3-Q_IND: 1x_eapkey.c
3 LOG-3-Q_IND: rrmChanUtils.c
22 LOG-3-Q_IND: spam_lrad.c
5120 LWAPP-3-REPLAY_ERR: spam_lrad.c
2 LWAPP-3-VENDOR_PLD_VALIDATE_ERR: spam_lrad.c
3 RRM-3-RRM_LOGMSG: rrmChanUtils.c
615 RRM-3-RRM_LOGMSG: rrmLrad.c
2 SISF-3-INTERNAL: sisf_shim_utils.c -
WLC - Aggressive Load Balancing?
Hello,
The Wirless LAN Network bulit is as follows -
1. 1 x 4404 WLC
2. 40 x LWAPP 1131AG Access Points
3. Windows Clients used by the Laptop Clients.
4. Only one Wireless VLAN across the Capmus network - hence AP's, WLC & Clients are all in one VLAN / IP Subnet.
5. No Access Point Group is created.
6. Aggressive Load Balancing is enabled allowing 15 Clients as max connection per Access Point.
Problem facing -
1. Tried configuring the Aggressive Loadbalancing allowing only 2 x Clients per AP. But noticed that the 3rd Client connecting to the same AP as of the previous 2 Clients have connected. 3rd client is not associating to a different AP which is nearby.
Please can one help me, if i'm configuring & testing Aggressive Load Balancing in the right way!
Regards,
Keshava RajuAMR is on target. In fact I just completed 20 hours worth of testing with variuos clients with ALB for a white paper I am doing. Code 17 isnt honored by most clients and is only sent 1 time from the AP. The clients will contiue to attempt to associate to the AP and the AP will allow them on.
Here is a peek of my white paper "still in draft"
WLC - Cisco WLC Aggressive Load Balancing; What is it and where did it go in 6.0!
I've spent the majority of my WLC experience at code level 4.2. Not by choice really, more
based on the fact that 4.2 is pretty darn stable and it is the only safe harbor to date for the Cisco WLC. Healthcare and Enterprise enviroments are typically slow to move on upgrades, especially when things are operating fine.
Since my latest project involves the deployment of hundreds of Cisco 1142s @ location grade, it required that I move to later code to support the 1142 access points. After much research, conversations with our
local Cisco Wireless SE, conversation with peers at other healthcare organizations, and direct contact with the aware team I had decided that 6.0.188.0 was a release that was of great interest.
As I start to get fimilar with the new code I am starting to see that things got moved around a little. One of the items is Aggressive Load Balancing. If you aren't fimilar with Aggressive Load Balancing (ALB) you definitly need to be and let me share why.
First lets look at what ALB is and how it works and then we will dive into the differences between the 4.2 code and the new options 6.0 gives us. ALB when enabled, allows the Cisco WLC to load balance wireless clients on access points that are joined to the same controller. “Key word here – same controller”. You can configure the load balancing window globally in the controller. What is the load balancing window you ask? Well is the maximum number of clients that should be allowed on the access point BEFORE it will start to load balance.
Lets assume for a moment you have an access point with 5 clients already attached. When client #6 sends association request to the access point the access point will kindly respond with an associaton response frame with the reason code of 17. The wireless client will see reason code 17 in the association response and will kindly find other access points to associate with. However, some devices will ignore this frame and yet still continue to try and associate to the access point. Note: The Cisco WLC will ONLY send 1 reassociation frame with a reason code of 17. It doesn’t flood the medium / client with multiple frames.
Its up to the client to honor this information and move on. But I can tell you from my experience and testing this isn’t always the case.
By default, 4.2 and 6.x both have a load balancing window of (5). Lets look at an example.
The window setting controls when aggressive load−balancing starts. With a window setting of five, for
example, all clients after the sixth client are load−balanced.
I know, what is the reason code talk, right. Lets cover this as well. If you dive into the 802.11 frames you will see “Reason Codes”. When a client sees the reason code of “17”, it indicates to the client that the access point is busy and the client should look else where.
yada yada yada
I will post the complete paper on my site: my80211.com in the next week or so ... -
Question about Load Balancing Wireless connections using WLC- F5- ISE
Hi all,
Can anyone give me some orientation how the radius auth process/handshake between the WLC and ISE changes once the F5 is installed in the middle in order to perform load balancing?
We can do some kind of load balancing by configuring different radius servers on each WLC for which, I must configure the same shared secret in the WLC and ISE so the radius request/accept could be processed.
Now that we have the F5 in the middle, do I need to create/configure the same shared secret in the F5 so radius transactions can be processed by this device?. Based on the following link, I must configure the F5 in the ISE like another NAD device (similar to the WLC) but I do not know if this additional configuration in the ISE includes the Auth parameter to be added in the ISE NAD (F5) configuration.
How to properly use a load balancer in Cisco's Identity Services Engine
http://www.networkworld.com/community/blog/load-balancing-cisco-identity-services-engine
Our sheme is shown next,When you covert the pair into SSO, all the APs will go to the ACTIVE unit. No unit will "live" in the standby unit because this unit will "share" the AP-support license between the two.
This is the first step you need to get sorted. Send an email to [email protected] and give them the exact details of what you want to do (i. e. AP SSO) and then provide the serial number of your nominated active WLC and the serial number of your nominated standby WLC. -
Wireless clients load balancing on the APs on WLC 4404
Hi Experts,
I'm just wondering if the WLC 4404 with firmware 4.2.207.0 can load balance the wireless clients on different WAPs. Let's say that an AP is already handling 15 Wireless devices. When the 16th is trying to join, the controller somehow puts it on another nearby AP, even the signal from this AP is weaker. I heard the similar feature on other Wireless solution vendors. I'm just wondering if Cisco has the similar feature or not.
Thanks!Yes it is known as aggressive load balancing sending a code 17 making the wireless client to loook at another nearby AP.
here it is the documentation:
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00809c2fc3.shtml -
WLC 5508 LOAD BALANCING APs to HA-SSO
Do somebody knows what´s going to happen about configuration when you migrate 2-WLC 5508 giving wireless services correctly, using load balancing with the APs to HA-SSO mode???
At this time we have some AP groups in WLC1 and in WLC2 we don´t have the AP groups, what´s going to happen with the configuration of both WLCs, both configuration are going to be merged??
REGARDSWhen you covert the pair into SSO, all the APs will go to the ACTIVE unit. No unit will "live" in the standby unit because this unit will "share" the AP-support license between the two.
This is the first step you need to get sorted. Send an email to [email protected] and give them the exact details of what you want to do (i. e. AP SSO) and then provide the serial number of your nominated active WLC and the serial number of your nominated standby WLC. -
WLC 7.5.102.0 Client Load Balancing
Hi,
Regarding 'Client Load Balancing' feature in WLC code 7.5.102.0, which one will take precedence:
- Load Balancing enabled in RF Profile and applied in an AP Group.
- Load Balancing enabled in WLAN
Also, is there any way to determine the statistics of the Load Balancing in RF Profile? (similar to the Statistics for Client Load Balancing enabled per WLAN in Wireless> Advanced > Load Balancing > Load Balancing Statistics)
Thanks in advance!
- edisonRF Profiles overrides any global settings, just like AP Groups can override the vlan or interface mappings.
say for example, I want to leverage the RF Profile for highly dense deploytment (like Town Hall or influx of users) and as result i want to deploy more temp APs that will coexist my existing APs. I just want to modify the High Density parameter - limiting the max clients only. but the RF Profile comes with the Load Balancing too and i don't think it cannot be disabled separately.
> Load balacing is enabled on the WLAN and isn't in the RF Profile. High Desnity, you create a RF Profile to disable the lower data rates, maybe 54 and 36 as mandatory and 24 and or 48 supported... depends on how much you want to shrink your cells. Also setting the max and min TX power.... no need for load balancing if you shrink the cells down.
so when i apply the RF Profile to the AP Group, the profile's Load Balancing settings will also be applied together with my preferred High Density settings - while my WLAN settting is not enabled with Load Balancing.
> No.... you either enable load balancing on the WLAN or not. The screen shot I showed you is a threshold configuration if its enabled.
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"***** -
WLC 4404 - Clearing the Load Balancing Statistics?
Does anyone know of a way to clear the load balancing statistics from a WLC 4404? I've looked through the gui and CLI and can't seem to find a way to do it.
Thanks,
RobYou can do a 'show summary' to see the number of connections that have been sent to each servers.
You can't see the number of bytes so.
I would suggest to collect this info on the server.
Regards,
Gilles. -
removed
Hello,
Aggressive load-balancing on the WLC allows the LAPs to load-balance wireless clients across APs in an LWAPP system.
Please take a look at the following cisco doc which illustrates aggressive load-balancing on the WLC:
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00809c2fc3.shtml -
How can I debug Aggressive Load Balancing on the WLC ?
Hello Cisco-Experts,
I'm looking for the command on the Cisco WLC to debug Aggressive Load-Balancing.
There is a nice document, ID 107457 describing this feature, but it lacks the command.
Please investigate and help me and maybe improve YOur documentations.
Thanks in advance
WinfriedHello NetPros,
I have disabled now "Agressive Load Balancing" now on the WLC. To my surprise, still Load-balancing packets are received from our HREAP-APs via a WAN-Link on the central WLC.
Here is an example:
Tue Jan 13 15:35:59 2009: 00:1c:bf:4a:3f:2e LBS data stored for Mobile 00:1c:bf:4a:3f:2e from AP 00:23:5d:0e:e9:e0(0) new saved RS
SI (A -128, B -53), SNR 41, inUse 1, [rcvd RSSI (A -128, B -54), SNR 40]
Tue Jan 13 15:35:59 2009: 00:1c:bf:4a:3f:2e LBS data rcvd for Mobile 00:1c:bf:4a:3f:2e from AP 00:23:5d:0e:e9:e0(0) with RSSI (A -
128, B -55), SNR 42
Tue Jan 13 15:35:59 2009: 00:1c:bf:4a:3f:2e LBS data stored for Mobile 00:1c:bf:4a:3f:2e from AP 00:23:5d:0e:e9:e0(0) new saved RS
SI (A -128, B -54), SNR 41, inUse 1, [rcvd RSSI (A -128, B -55), SNR 42]
It is remarkable that the MAC-addresses of many of the WLAN-clients do not belong to our company and packets are send via a WAN-link.
Why do I see these packets while load-balancing is disabled ?
How is this working ?
Thank You for any explanation.
Winfried -
WLC-4402 : Users complaint slow down load
Hello
My users complaint the down load speed is slow when using wireless. I checked and indeed is slow.
Before this happen, my WLC is running 802.11b/g. So my thought maybe the 802.11b can slow down
on the users so I changed WLAN to run on 802.11g only. Well, it is still slow. If anyone has any idea
on this is appreciated.
The WLC-4402 is running on version 4.1.185 and all 19 LAPs is 1242AG with IOS version 12.4(3g)JA2OUCH...
"Channel Utilization is depending on what channel and is changing from time to time.
Channel 1 is between 17 and 62, Channel 6 is between 9 and 33, and Channel 11 is between 28 and 45"
Do your APs have 802.11a radios? If so, move your asscoation to the 802.11a side and run your test... Your channel utlization is high, very high. I assume you have 1 PHY rate set to mandatory and lower data rates are enabled 1,2,5.5 ?
Lets clean up the utilization first and see the results before you go further...
Test the 802.11a side ... -
ISE 1.2 - Multiple NICs/Load Balancing for DHCP Probe
Hello guys
Just prepping an ISE 1.2 patch 8 setup in our organization. I am going for the virtual appliances with multiple NICs. It will be a distributed deployment with 4 x PSNs behind a load balancer and there is no requirement for wireless or guest user at the moment. I've got 2 points I will like to get some guidance on:
Our DC has a dedicated mgmt network and I plan to IP the gig0 interface of the PANs, MNTs and PSNs from this subnet. All device admin, clustering, config replication, etc will be over this interface. However, RADIUS/probe/other user traffic to the ISE PSNs will be over the gig1 interface which will be addressed from another L3 network. Is this a supported configuration in ISE?
I intend to use the DHCP probe as part of device profiling and will ideally like to have just an additional ip helper to add to our switch SVI config. Also, it will appear that WLCs can only be configured for 2 DHCP servers for a given network so another consideration for when we bringing our WLAN in scope. We however use ACE load balancers within our DC and from what I have read, they do not support DHCP load balancing. Are there any workarounds to using the DHCP probe with multiple PSNs without having to add each node as an ip helper/DHCP server on the NADs?
Thanks in advance
SayreHello Sayre-
For Question #1:
Management is restricted to GigabitEthernet 0 and that cannot be changed so you should be good there
You can configure Radius and Profiling to be enabled on other interfaces
Even though you are not using guest services yet, you can dedicate an interface just for that. As a result, you can separate guest traffic completely from your production network
Take a look at this link for more info:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html
For Question #2
If you are using a Cisco WLC and running code 7.4 and newer you don't need to mess with the IP helper configurations.
The controller can be configured to act as a collector for client profiling and interact with the DHCP thread along with the RADIUS accounting task that is running on the controller. The controller receives a copy of the DHCP request packet sent from the DHCP thread and parses the DHCP packet for two options:
–Option 12—HostName of the client
–Option 60—The Vendor Class Identifier
After this information is gathered from the DHCP_REQUEST packet, a message is formed by the controller with these option fields and is sent to the RADIUS accounting thread, which is in turn transmitted to the ISE in the form of an interim accounting message.
Both DHCP and HTTP profiling settings are located under the "Advanced" configuration tab in the WLC
On the other hand, you can also use Anycast for profiling. You can check out some of Cisco Live's sessions for more info on that. Here is one that is from a couple of years (There are more recent ones that are available as well):
http://www.alcatron.net/Cisco%20Live%202013%20Melbourne/Cisco%20Live%20Content/Security/BRKSEC-3040%20%20Advanced%20ISE%20and%20Secure%20Access%20Deployment.pdf
I hope this helps!
Thank you for rating helpful posts!
Maybe you are looking for
-
I'm not able to pair my iPad via Bluetooth with my Logitech mini-Boombox. I recently brought my iPad to the Apple Store for an unrelated problem, and they replaced it with a new device. The old device had no problem pairing with any of my Bluetooth d
-
No, because you are doing something new and uncharted. But the rules are in (doing from memory) /usr/local/pf/conf (somewhere) there is the iptables template that gets copied to the correct location in /etc/sysconf/iptables. I can dig around in my t
-
My data doesn't work on my new Iphone 5c but I can make calls and text. The wifi works, but my data doesn't. I have checked to make sure my data is on and everything. How can I fix this issue?
-
Dear Friends, we need certain infotypes(it0105(01) etc...) to be maintained for a applicant during applicant data is transfered to Master data our client don't want to maintain separately after the data is transfered to master data in pa3
-
Setting 'ReplytoAddress' in NormalizedMessage using BPEL client API-failing
Hi all, I tried specifying 'Reply to Address' property in Normalized Message using BPEL Client API to receive response from Asynchronous BPEL process but it's not working. I am facing the following situations:- 1.Just setting 'Reply To address'-raise