WLC AP Failover Priority

We use WCS to migrate APs to "backup" controllers prior to making changes to our primary wireless controllers.
However, this process is long and arduous when your APs number in the hundreds; a 5-minute failover per AP can take hours.
Changing the failover priority to "critical" would definitely speed up the process, but at what cost?
Leaving them at "low" makes for a graceful migration. Supplicants roam to another AP and are none the wiser.
Besides the speed at which the APs fail over to a secondary controller, what other differences are there between the AP failover priorities?
Do the APs, when set to "critical", no longer send disassociation frames to the clients?
I've looked at design guides and FAQs, but nothing says what happens, just that you can change the priorities.
Thanks!
Ven
Running 7.0 code on 6k-WISM
Multiple AP types.

Ven,
     My understanding of the failover priority was that it was meant to classify the APs into groups of importance in the event you lost a controller and had insufficient capacity to allow all the APs onto the other controllers; those with the critical priority would be allowed to join a full controller and a lower-priority AP would be dropped. I am not sure why that would make the failover happen quicker.
HTH

Similar Messages

  • 2 WLCS for failover

    Hi,
    I want to buy a second WLC. The equipment hasn't been ordered yet, so I'm just trying to think ahead.
    As I understand it, if I buy the second WLC and put it in the same mobility group, then enable AP fallback, that is all I have to do. Is that really it? They will be 2504's. The APs are Air Cap 36021-A-k9.
    What about adding the access points etc. etc., does that happen automatically and does the config get replicated? Again, sorry to ask what might be a stupid question for many, but I really know very little about wireless at the moment.
    Also, is there an idiot's guide somewhere for setting up guest wireless LANs?
    Thanks,

    Consider a scenario where there are two Wireless LAN Controllers (WLCs) named WLC1 and WLC2. These WLCs are configured in the same subnet in one WLAN. In order to achieve high availability, this is how the WLAN is configured:
    WLC1 and WLC2 are configured within the same mobility group.
    Half of the access points are configured to use WLC1 as the primary WLC and use WLC2 as the secondary WLC.
    The other half of the access points are configured to use WLC2 as the primary WLC and use WLC1 as the secondary WLC.
    The fallback feature is enabled on both WLC1 and WLC2.
    Network Diagram
    Resolution
    If any of the WLCs go down, the access point that is joined to the failed WLC recognizes this (keep alive (heartbeat) between access point and WLC). Therefore, the access point begins to join the good WLC, which still runs. This is not stateful failover, which means that the access point has to join the new WLC and therefore the wireless clients.
    Also, if either of the WLCs do not work and the affected access points re-register to the other WLC, then the wireless clients have to re-associate and therefore lose wireless connection during failover as it is not stateful failover. The failover is not transparent to the WLAN client. That is, the WLAN clients lose their WLAN connectivity during access point failover.
    Access points and clients are not affected on the WLC that runs. This means that the fallback of the access point is not transparent to the clients. Only access points and clients on the failed WLC are affected.
    In order to configure the WLAN Controller failover for Lightweight Access points, the Access Point must be configured correctly in a mobility group for the AP failover and each Wireless LAN Controller (WLC) must have the AP failover feature enabled.
    Configure the Fallback Feature on WLC
    The last step is to configure the Fallback feature on the controller. This feature ensures that the AP switches back to the first WLC when that WLC comes back on line. Complete these steps:
    From the GUI, choose Controller > General. A list of options appears on the General screen.
    For the AP Fallback option, choose Enabled from the drop-down menu.
    Click Apply.
    Note: It is sufficient to enable the Fallback feature on the secondary controller alone. But it is recommended to configure it on the primary WLC as well because it can be configured as a secondary controller for other access points.
    http://www.cisco.com/image/gif/paws/69639/wlc_failover-12.gif
    After you complete these steps, the setup is configured for WLC failover. When the primary controller (WLC-1, in this case) goes down, the APs automatically get registered with the secondary controller (WLC-2). The APs register back to the primary controller when the primary controller comes back on line. AP switching between the primary and secondary controllers also affects the wireless clients associated with these APs.
    In controller software release 5.1.151.0, you can configure the wireless network so that the backup controller recognizes a join request from a higher-priority access point and, if necessary, disassociates a lower-priority access point as a means to provide an available port. In order to configure this feature, you must enable failover priority on the network and assign priorities to the individual access points. By default, all access points are set to priority level 1, which is the lowest priority level.
    Note: Be aware that Failover priority takes effect only if there are more association requests after a controller failure than there are available backup controller ports.
    Wireless LAN Controller Failover Priority
    During installation, Cisco recommends you connect all lightweight access points to a dedicated controller, and configure each lightweight access point for final operation. This step configures each lightweight access point for a primary, secondary, and tertiary controller and allows it to store the configured mobility group information. When sufficient controllers are deployed, if one controller fails, active access point client sessions are momentarily dropped while the dropped access point associates with another controller, which allows the client device to immediately reassociate and reauthenticate.
    You can also follow the link below (WLAN Controller Failover for Lightweight Access Points Configuration Example):
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml

  • Report on AP Failover Priority

    Does anyone know of a way or place that the AP Failover setting on the AP is reported in WCS? I can't seem to find anywhere this setting appears in any inventory report. The only way I seem to be able to look this up is to go AP by AP and look at the config screen.
    Thanks for any guidance.
    JC

    Rats! I was just about to ask the same thing. Sorry to see that there were no answers to the original post.
    (Will it bump this question up if I ask again here, or will I need to repost the whole question to get new answers?)
    Basically, I'd like a Monitor screen or a report that gives a table with each AP and its failover setting. I have only 75 APs, on a -25 and -50 4402. I think I've set my favorite 25 APs to "High", and then the next most important 25 to "Medium" and then the rest should be low. That way, if either my -25 or -50 WLC fails, I still have the best coverage possible.
    But, I can't find any way to easily check these settings, except by individually selecting each AP one by one from the Configure>Access Points table.
    This is tedious even on my small system, and I can't imagine it would be any fun at all on a bigger one. (Maybe those big systems have full redundancy so the failover is not an issue?)
    Thanks for any insights,
    Steve

  • Is it possible to use a 5500 WLC and a 2500 WLC as failover?

    I am curious to know if there are any technical issues with this design. The 5500 WLC would be the primary and 2500 WLC would be the secondary. The only need for the secondary would be in the event of failure of the primary, and support needs when doing maintenance such as code upgrades.
    We would use the same version of code on each controller and apply the necessary amount of AP licenses on each. The controllers would have identical configurations and host multiple SSID's, including offering guest services. Does the 2500 support guest network services?

    Yeah, believe the 2500 only does multicast-multicast mode. Which isn't that big of a deal usually. MM being the preferred method.
    The 2504 also has that 300M backplane limitation. So if you are going to use the 2504 I would recommend HREAP so you don't have to worry about that.
    Not supported on 2504.
    •Support for wired guest access.
    •Cisco 2500 Series Controller cannot be configured as an auto anchor controller. However you can configure it as a foreign controller.
    •Supports only multicast-multicast mode.
    •Bandwidth Contract feature is unsupported.
    •Access points plugged directly into the WLC.
    •Service port support
    •Apple Talk Bridging
    •LAG
    •Wired Guest
    Steve

  • WLC AP failover

    I'm doing a software and FUS upgrade on a set of 5508's in HA mode (Primary and Standby) and do not want the APs to fail over to another controller in the mobility group during the software upgrade, but I want them to during the FUS upgrade.
    Do I just take the controller out of the mobility group to do this during the software upgrade, then put the controller back in the mobility group just before the FUS upgrade so the APs will fail over?
    I've heard that the APs will still fail over to another controller on the network even if it's not in the mobility group. Is this true?

    If I'm right, you are already running an HA SSO pair but with other WLC's mobility members in the same mobility group. If so, all the joined access-points will automatically receive the management IPv4 address of the other WLC's within the same group. This is not the case when other WLC's are in a different mobility group (and still configured in the mobility list of the HA SSO pair WLC).
    There are also some other methods for the AP to learn about other WLC's:
    - The configured primary, secondary and tertiary WLC on the AP itself
    - Globally configured backup WLC
    - If there is still no WLC to go to, the AP will go back to normal discovery process to find other WLC's.
    You can verify which WLC's your access-point knows of on the access-point itself:
    AP#show capwap client config
    mwarName <- Name and IPv4 address of the configured primary WLC on the AP     
    mwarIPAddress 0.0.0.0
    mwarName <- Name and IPv4 address of the configured secondary WLC on the AP
    mwarIPAddress 0.0.0.0
    mwarName <- Name and IPv4 address of the configured tertiary WLC on the AP
    mwarIPAddress 0.0.0.0
    << >>
    Configured Switch 1 Addr x.x.x.1 <- Currently joined WLC
    Configured Switch 2 Addr x.x.x.2 <- The next WLC from the mobility list with in the same mobility group as the currently joined WLC
    AP#show capwap client ha
    primaryBackupWlcIp      0x0 <- IPv4 address and name of the first global backup WLC
    primaryBackupWlcName
    secondaryBackupWlcIp    0x0 <- IPv4 address and name of the secondary global backup WLC
    secondaryBackupWlcName
    So to make sure your access-points won't go to other controllers when you are upgrading, you need to make sure they don't know about the other ones and they can't learn about them either (like layer 3 broadcast, DHCP option 43, DNS).
    Depending on your infrastructure, maybe something like a temporary ACL is less time consuming and less complex as well to get the same result in the end.

  • WLC HA Failover on L2 Fibre Optic WAN

    Hi there,
    I am just wondering if the below scenario works, if the L2 Fibre Optic Wan link is down between the two DCs. Please refer to attached diagram.
    ======================================================================
    The Fibre link is L2 link, meaning that the VLANs are spanning between the 2 DCs.  HSRP is being used on all VLANs and DC1 being the primary active interface for all VLANs. In the event of the L2 Fibre Link failure, the VLAN interfaces on the respective core will become active, providing gateway access for all VLANs.
    The WLC HA pair is between the DCs via the L2 Fibre link and  the redundant port communication happens via the Fibre link.  WLC in DC1 is the Active box and the WLC in DC2 would be in “Standby hot” mode.
    When the L2 Fibre fails, the HA Primary box in DC 1 will detect that it has lost communication to the standby box (via both redundant port and network) and will still continue to function in active state. The HA Secondary box in DC2 will detect the Primary failure (via both redundant port and network) and transition itself to Active state. In this scenario, when the L2 link is down, both WLCs would be in active-active state.
    Upon the link coming back online, the wlc WOULD BE SYNCED and goes into active-standby state.
    ===========================================================================
    Would the above scenario work? I am unable to find any documentation describing a WLC HA setup which can run in “ACTIVE-ACTIVE” state.

    The redundant ports are to be connected via the core switch(on same VLAN )at the respective DCs.
    I doubt if this will work.  
    Redundancy Port
    This interface has a very important role in the new HA architecture. Bulk configuration during boot up and incremental configuration are synched from the Active WLC to the Standby WLC using the Redundant Port. WLCs in a HA setup will use this port to perform HA role negotiation. The Redundancy Port is also used in order to check peer reachability sending UDP keep-alive messages every 100 msec (default timer) from the Standby WLC to the Active WLC. Also, in the event of a box failure, the Active WLC will send notification to the Standby WLC via the Redundant Port. If the NTP server is not configured, a manual time synch is performed from the Active WLC to the Standby WLC on the Redundant Port. This port in case of standalone controller and redundancy VLAN in case of WISM-2 will be assigned an auto generated IP Address where last 2 octets are picked from the last 2 octets of Redundancy Management Interface (the first 2 octets are always 169.254).
    What you are proposing to do defeats the true purpose of HA SSO. So you depend entirely on a switch and if your fibre cuts, you are gone. Both WLCs go into Active-Active. What you are proposing to do is NOT what is intended for HA SSO. You might as well turn HA SSO off.
    Besides, with your setup, you don't need a Layer 1 issue. All you need is something as simple as a STP loop and *BOOM*, WLC will go into Active-Active.
    You might be able to get away with this if, you might say, you connect Redundant Ports (RPs) to fibre optic media converters. As long as there is nothing in between both converters then this might even work (as long as either one of the media converters doesn't lose power).
    Can you also specify what kind of WLC/WiSM you are planning to use? This design of yours doesn't call for a WiSM-2, does it?

  • How much time does an AP take to failover to secondary controller

    Hi All,
    My query is to understand how much time an AP will take to fail over to its secondary WLC (backup) in case the primary goes offline.
    What's the heartbeat time for each AP to verify reachability to the WLC?
    Also, what is the purpose of AP failover priority under each AP? I want to ensure APs fall back to the primary WLC once it's back online (preemption).

    Hi Matehw,
    My query is to understand how much time will an AP take to failover to its secondary WLC(Backup) incase primary goes offline.
    We can not tell exact time but normally It takes 1-3 minutes.
    Whats the heartbeat time for each AP to verify reachability to WLC.
    AP Heartbeat Timeout - AP sends heartbeat to WLC (by default it's 30s). Once the primary WLC (or where the AP is connected to) goes down, with heartbeats, the AP realizes sooner that the controller has become unreachable.
    also what is the purpose of AP Fail over priority under each AP.
    First of all, there are three types; it goes like this: Critical...high...medium..low.
    ***To configure AP failover priority, we must enable AP Fallback feature globally and then individual APs with a suitable priority level. 
    *** When using both the local  and global backup configurations, the locally configured settings take precedence in the event of a controller failure. If an AP is not able to join any of the locally configured controllers, it then tries to join the global backup controllers.
    More info:
    http://rscciew.wordpress.com/2014/01/22/ap-failover/
    Regards
    Don't forget to rate helpful posts

  • 5760 WLC and 5760 HA WLC question

    Hi everyone,
    I assume this information must exist... I just cannot locate it. Customer purchasing two 5760 WLCs:
    1     AIR-CT5760-500-K9
    1     AIR-CT5760-HA-K9
    I am looking for info on how to configure these 2 WLCs to work together.  How do you inform the production WLC that a HA WLC is available to sync with? Do WLCs have to be L-2 adjacent, or will HA operate at L-3?  How does this HA setup work? etc.
    Any help would be really appreciated.

    Hi,
    Any news regarding this issue?
    We have the same scenario:
    1     AIR-CT5760-500-K9
    1     AIR-CT5760-HA-K9
    Both running
    IOS XE 03.03.01SE
    I've activated Global AP Failover Priority in both WLCs and, from a total of 47 APs, I've configured 8 with Priority Critical, 7 APs with Priority High and 3 APs with Priority Medium.
    We've issued a reload to the primary WLC and it took 7 minutes for the APs to recover from the Secondary to the Primary
    13:14 - reload issued on the primary WLC
    13:15 - service granted by the secondary WLC (required a shut/no shut to the "Network Status" of the radio interfaces)
    13:22 - service recovered to the primary WLC
    Edit - Forgot to mention that the priority values mentioned above didn't show much improvement in the AP recovery time...

  • Multiple WLC and AP secondary config

    Hi all, we have 2 WLCs, each licensed for 12 APs. Here is the issue: we will have up to 20 APs in our environment. No problem getting each AP assigned to a primary controller. My question is about assigning an AP to a secondary. If I assign 10 APs to each as a primary, and then have each assigned to the other controller as a secondary, in the event we lose 1 controller the other will now have 20 APs associating with it. How does the WLC handle this situation? Just accept the first 2 requests then ignore all the other 8 requests?

    Hi Jeffrey,
    Just to add a note to the great tips from Dan and Leo (+5 points each guys!)
    One of the recommended designs for WLC/AP failover and redundancy is referred to as the "n+1" rule. So in your design you would add a third WLC that had no AP's associated to it. It would be licensed for either 12 or 25 AP's. 12 in case one of your WLC's fails or 25 in case both active WLC's fail :)
    WLAN Controller Failover for Lightweight Access Points Configuration Example
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml#c4
    Hope this helps!
    Rob

  • How to replace faulty Flex 7510 WLC on HA

    Hi guys,
    I have a faulty secondary 7510 controller (on HA) and going to replace with a new one. How do I go about this?
    What steps should I take?
    Anyone done this before?
    Thanks in advance.

    You need the new WLC and configure it as secondary with a few basic configuration settings, which is auto via the start-up script. Make sure the settings are the same on the new WLC as before on the secondary.
    Mobility MAC, redundancy port and MG are the same and the remaining info will be synced to the secondary WLC, and failover occurs when the primary goes down.
    More detail is given as below.
    Ref: http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1130-ag-series/qa_c67-714540.html

  • Is there a LW AP preemption function?

    If I have 2x 4402 WLCs with a 12AP licence and 20 1140 LWAPs, is there some way that I can configure the system so that in the event of a failure on one of the WLCs certain APs will preempt other associated APs and take their spot on the WLC?
    For example:
    I have an Executive AP and a 'Breakroom' AP, and they are on WLC1 & WLC2 respectively.
    WLC1 fails. Executive AP (plus 9 other APs) are now orphaned. There are only 2 spots free so that leaves 8 orphaned APs. If the Executive AP is still orphaned is there any automatic mechanism to de-associate the Breakroom AP in favor of the Executive AP?
    I have WCS in this example too.
    thanks

    Sounds like AP failover priority will give you what you are looking for.
    http://www.cisco.com/en/US/docs/wireless/controller/6.0/configuration/guide/c60lwap.html#wp1424902
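The Executive/Breakroom scenario from this thread, run through a simplified model of the failover-priority behaviour quoted under "2 WLCS for failover" (a full backup controller drops a lower-priority AP to admit a higher-priority one). This is an added example, not Cisco's implementation or code from any poster; the `Controller` class, the AP names other than the two in the question, the priority assignments, the numeric levels above 1 and the tie-break are assumptions.

```python
from dataclasses import dataclass, field

# Level 1 is the default and lowest (per the quoted text); 2-4 are assumed numbering.
LEVELS = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Controller:
    name: str
    capacity: int                    # licensed AP count
    failover_priority: bool = True   # global feature switch
    joined: dict = field(default_factory=dict)  # AP name -> priority level

    def join(self, ap, level):
        """Try to admit an AP. Returns (accepted, displaced_ap_or_None)."""
        if len(self.joined) < self.capacity:
            # Free slot: priority plays no part in the decision.
            self.joined[ap] = level
            return True, None
        if not self.failover_priority:
            return False, None
        # Controller is full: candidate victim is the lowest-priority joined AP
        # (assumed tie-break: the one that joined first).
        victim = min(self.joined, key=lambda name: self.joined[name])
        if self.joined[victim] >= level:
            return False, None       # nobody lower than the newcomer
        del self.joined[victim]
        self.joined[ap] = level
        return True, victim


def simulate(failover_priority, capacity=12):
    """WLC1 fails; its 10 APs try to join WLC2, which already serves 10 APs."""
    wlc2 = Controller("WLC2", capacity, failover_priority)
    wlc2.join("breakroom", LEVELS["low"])
    for i in range(1, 10):
        wlc2.join(f"wlc2-ap{i}", LEVELS["medium"])

    # Orphans from WLC1. The executive AP arrives last, the worst case for it.
    orphans = [(f"wlc1-ap{i}", LEVELS["low"]) for i in range(1, 10)]
    orphans.append(("executive", LEVELS["critical"]))

    rejected, displaced = [], []
    for ap, level in orphans:
        accepted, victim = wlc2.join(ap, level)
        if not accepted:
            rejected.append(ap)
        if victim:
            displaced.append(victim)
    return {"joined": set(wlc2.joined), "rejected": rejected, "displaced": displaced}


if __name__ == "__main__":
    for enabled in (False, True):
        result = simulate(enabled)
        print(f"failover priority {'on' if enabled else 'off'}:",
              "executive joined" if "executive" in result["joined"] else "executive orphaned",
              f"| displaced={result['displaced']} | rejected={len(result['rejected'])}")
    # With enough licences nothing is displaced, so priority never comes into play.
    print("capacity 20:", simulate(True, capacity=20)["displaced"])
```

In this model eight APs are without a controller either way; priority only changes which eight.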

  • N+1 redundancy and different mobility groups

    Is it possible to backup 2 controllers with 2 different mobility groups (for example GROUP1 and GROUP2) to the same backup controller (running HA SKU N+1 (7.4)) ?
    Since a controller can only be configured in 1 mobility group, this doesn't seem to be possible. Can someone confirm ?
    regards,
    Geert

    Hello,
    As per your query, I can suggest the following solution:
    In all Wireless LAN Controller (WLC) versions earlier than 4.2.61.0, when a WLC goes "down," the LAP registered to this WLC can failover only to another WLC of the same Mobility Group, if the LAP is configured for failover. From Cisco WLC version 4.2.61.0 and later, a new feature called Backup Controller Support is introduced for access points to failover to controllers even outside the Mobility Group. Refer to Wireless LAN Controller and Light Weight Access Points Failover Outside the Mobility Group Configuration Example for more information.
    Hope this will help you.

  • Upgrading mdc G5 xserves

    I've just finished upgrading/replacing our two mdc G5 xserves with new intel xserves. Both of our new xserve machines are running the latest version of Snow Leopard and Xsan. Both mount our Xsan volume with no trouble but I can't seem to see or add these new machines in Xsan Admin. Because our facility is being used 24/7 and the xsan volume is always running I'm hosting the volume on our legacy G5 system and attempting to add the new intel xserve machines from xsan admin on the G5. CVADMIN recognizes the new xserve machines as ADM but when I try to use the Xsan Admin app on the new machine it won't let me see or add the new machines. Has anyone made a similar changeover from G5 xsan 2.1.1 to intel 2.2.1 and how did you do it without taking the xsan volume offline? Any insight or suggestions are greatly appreciated. Thanks.

    I would remove old failover MDC from the Xsan and install new intel Xserve with 10.6.4 with 2.1.1 (not 2.2.1). Add it to the Xsan as client, promote it to MDC, switch the failover priority to make new Xserve main mdc. Then repeat the procedure to replace the other Xserve PPC. After making sure you can failover from one new mdc to another I would upgrade Xsan to the latest version.
    It looks like it is too late for this procedure, so you may try to stop xsan (cvadmin), all of the clients, backup mdc and primary mdc. Then turn on primary mdc, start Xsan volume, turn on backup mdc and clients.
    vj

  • N+1 5508 WLC failover test

    Good day all,
    I have a question about the N+1 5508 failover test:
    Should I shutdown one of the primary WLC to test failover?
    I just set up the N+1 backup WLC (5508).
    Based on: http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide.pdf
    We have two production WLCs both 5508 and one 4405.
    We just purchased another HA-SKU WLC 5508.
    All four of our WLCs had been set up into one mobility group in version 7.4.100.6.
    Their neighbors are all up.
    But our test AP could not register to the Backup N+1 WLC. ( We are using option 43 in our DHCP server for all the AP boot.)
    Here is the log screen:
    ================ From test Access Point============
    *Mar  1 00:00:53.099: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
    *Mar  1 00:00:53.842: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.255.1.3, mask 255.255.255.0, hostname wo11-test-ap1
    *Mar  1 00:00:54.188: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:55.188: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:55.279: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:00:56.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:03.820: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.254.240.5 obtained through DHCP
    *Mar  1 00:01:03.820: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Mar  1 00:01:13.823: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.5 peer_port: 5246
    *Aug  2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
    *Aug  2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.254.240.5:5246
    *Aug  2 02:31:55.001: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.23 peer_port: 5246
    *Aug  2 02:30:55.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.254.240.23 peer_port: 5246
    *Aug  2 02:30:55.493: %CAPWAP-5-SENDJOIN: sending Join Request to 10.254.240.23
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.254.240.23
    *Aug  2 02:30:55.874: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Aug  2 02:30:55.931: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Aug  2 02:30:55.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WG-WLC1
    *Aug  2 02:30:56.041: ac_first_hop_mac - IP:10.255.1.1 Hop IP:10.255.1.1 IDB:BVI1
    *Aug  2 02:30:56.041: Setting AC first hop MAC: ccef.481f.14bf
    -test-ap1#sh int bvI 1
    BVI1 is up, line protocol is up
      Hardware is BVI, address is e8b7.489e.4645 (bia e8b7.489e.4645)
      Internet address is 10.255.1.3/24
    ===================From backup N+1 WLC===
    *spamApTask4: Aug 02 11:41:09.842: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:41:01.889: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:40:57.912: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:40:55.924: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:18:50.553: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:42.600: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:38.623: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:36.636: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *mmListen: Aug 02 10:43:38.637: #LOG-3-Q_IND: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
    *spamApTask0: Aug 02 10:43:38.500: #LWAPP-3-DISC_MAX_DOWNLOAD: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
    ==================== From one of our Primary WLC=====================
    (WLC-5500) >show advanced backup-controller
    AP primary Backup Controller .................... ODC-WLC1 10.254.240.5
    AP secondary Backup Controller ..................  0.0.0.0
    (WLC-5500) >show redundancy summary
    Redundancy Mode = SSO DISABLED
         Local State = ACTIVE
          Peer State = N/A
                Unit = Primary
             Unit ID = 54:75:D0:DE:DE:40
    Redundancy State = N/A
        Mobility MAC = 54:75:D0:DE:DE:40
    Redundancy Management IP Address................. 0.0.0.0
    Peer Redundancy Management IP Address............ 0.0.0.0  
    Redundancy Port IP Address....................... 0.0.0.0
    Peer Redundancy Port IP Address.................. 169.254.0.0
    (WLC-5500) >show license capacity
    Licensed Feature    Max Count         Current Count     Remaining Count
    AP Count            250               203               47
    ==============From the Backup N+1 WLC in DR =====================
    (Cisco Controller) >show redundancy summary
    Redundancy Mode = SSO DISABLED
         Local State = ACTIVE
          Peer State = N/A
                Unit = Secondary - HA SKU
             Unit ID = 6C:41:6A:5F:4C:80
    Redundancy State = N/A
        Mobility MAC = 6C:41:6A:5F:4C:80
    Redundancy Management IP Address................. 10.254.240.3
    Peer Redundancy Management IP Address............ 0.0.0.0
    Redundancy Port IP Address....................... 169.254.240.3
    Peer Redundancy Port IP Address.................. 169.254.0.0
    (Cisco Controller) >show license capacity
    Licensed Feature    Max Count         Current Count     Remaining Count
    AP Count            500               0                 500

    Current AP High Availability Configuration:
    2nd Step, shutdown the LAN Switch ports on which the Primary WLC is connected so I force the AP going to HA SKU WLC.
    DC-WiFi-SVC1-LAB(config)#inter
    DC-WiFi-SVC1-LAB(config)#interface por
    DC-WiFi-SVC1-LAB(config)#interface port-
    DC-WiFi-SVC1-LAB(config)#interface port-channel 3
    DC-WiFi-SVC1-LAB(config-if)#shut
    DC-WiFi-SVC1-LAB(config-if)#
    Log in the AP after shutdown:
    Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 2)
    *Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 2)
    *Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 3)
    *Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 7)
    *Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 8)
    *Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Jan 15 15:52:45.307: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.23.111.23:5246
    *Jan 15 15:52:45.371: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
    *Jan 15 15:52:45.371: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
    *Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Jan 15 15:52:45.395: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:46.015: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:46.383: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:46.423: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:46.431: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 0 down
    *Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 1 down
    *Jan 15 15:52:47.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:47.423: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:47.451: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:47.459: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:47.467: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:48.451: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:48.459: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:48.487: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:49.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Selected MWAR 'DC-WiFi-WLC1-0'(index 1).
    *Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Jan 15 15:52:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.23.111.20 peer_port: 5246
    *Jan 15 15:52:44.467: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.23.111.20 peer_port: 5246
    *Jan 15 15:52:44.471: %CAPWAP-5-SENDJOIN: sending Join Request to 172.23.111.20
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 172.23.111.20
    *Jan 15 15:52:44.927: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:44.995: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:45.003: ac_first_hop_mac - IP:10.219.96.1 Hop IP:10.219.96.1 IDB:BVI1
    *Jan 15 15:52:45.007: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
    *Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    *Jan 15 15:52:45.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:45.971: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:45.979: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jan 15 15:52:46.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:46.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:46.999: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5520 MHz for 60 seconds.
    *Jan 15 15:52:47.003: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:47.015: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:47.023: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:48.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:48.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:48.047: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:49.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    APe4d3.f11e.a8e1#         
    3rd step: verify the log on the AP and check whether it can connect to the HA SKU WLC.
    *Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
    *Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    CONCLUSION:
    I needed to activate the EVALUATION LICENSE on the HA SKU WLC, which had status = EULA NOT ACCEPTED. I will test the SSIDs in order to confirm that redundancy using the HA SKU WLC works fine.
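
As an added example (not part of the post above and not Cisco tooling), the following Python parses AP log lines like those the poster captured and reports which controller the AP left, which one it joined, and whether the new DTLS peer is on an allow-list. The allow-list, the function names and the placeholder year are assumptions.

```python
import re
from datetime import datetime

# Lines copied from the AP log in the post above, trimmed to the failover events.
SAMPLE_LOG = """\
*Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 8)
*Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Jan 15 15:52:45.307: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.23.111.23:5246
*Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Selected MWAR 'DC-WiFi-WLC1-0'(index 1).
*Jan 15 15:52:44.467: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.23.111.20 peer_port: 5246
*Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
"""

LINE = re.compile(r"^\*?(\w{3} +\d+ [\d:.]+): %([A-Z0-9_]+)-\d-([A-Z0-9_]+): (.*)$")

def parse(log):
    """Return (timestamp, 'FACILITY-MNEMONIC', message) for each syslog line."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:  # wrapped continuation lines such as "., 8)" do not match and are skipped
            # The AP prints no year; 2000 is a placeholder so strptime has a full date.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S.%f")
            events.append((ts, f"{m.group(2)}-{m.group(3)}", m.group(4)))
    return events

def failover_summary(log, expected_controllers):
    """Summarise one failover; expected_controllers is an allow-list of controller IPs."""
    s = {"left": None, "dtls_peer": None, "joined": None, "clock_stepped_back": False}
    prev = None
    for ts, tag, msg in parse(log):
        # Timestamps in the posted log run backwards (15:52:56 then 15:52:44), so
        # events are taken in line order and the jump is only recorded.
        if prev is not None and ts < prev:
            s["clock_stepped_back"] = True
        prev = ts
        if tag == "DTLS-SEND_ALERT" and (m := re.search(r"Alert to ([\d.]+):\d+", msg)):
            s["left"] = m.group(1)
        elif tag == "CAPWAP-DTLSREQSUCC" and (m := re.search(r"peer_ip: ([\d.]+)", msg)):
            s["dtls_peer"] = m.group(1)
        elif tag == "CAPWAP-JOINEDCONTROLLER":
            s["joined"] = msg.rsplit(" ", 1)[-1]
    s["unexpected"] = s["dtls_peer"] is not None and s["dtls_peer"] not in expected_controllers
    return s

if __name__ == "__main__":
    print(failover_summary(SAMPLE_LOG, {"172.23.111.20"}))
```

Run against syslog collected from many APs, the `unexpected` flag highlights any AP whose DTLS peer after a failover is not one of the controllers you intended it to reach.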

  • WLC RADIUS Server Failover - Passive mode timer

    In 7.2 WLC code, it appears it is now possible to specify which RADIUS servers are used as the preferred server for authentication (Security > AAA > RADIUS > Fallback to open the RADIUS > Fallback Parameters).
    There are 3 modes for this: off, passive & active.
    In the passive mode, the operation is described in the config guide as:
    Passive—Causes the controller to revert to a server with a lower priority from the available backup servers without using extraneous probe messages. The controller ignores all inactive servers for a time period and retries later when a RADIUS message needs to be sent.
    Does anyone know how long this 'time period' is? If it is only a few seconds, then it could be that user authentications are being used to test against a failed RADIUS server frequently & will experience annoying time-out delays, causing support calls etc.
    Anyone know what it is, or if it's configurable? I don't see anything in the docs...
    Nigel.

    Here you go.
    RADIUS Server Fallback Feature on WLC.
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008098987e.shtml#passive
