WLC AP failover

I'm doing a software and FUS upgrade on a set of 5508's in HA mode (Primary and Standby) and do not want the AP's to fail over to another controller in the mobility group during the software upgrade, but I want them to during the FUS upgrade.
Do I just take the controller out of the mobility group to do this during the software upgrade, then put the controller back in the mobility group just before the FUS upgrade so the AP's will fail over?
I've heard that the AP's will still fail over to another controller on the network even if it's not in the mobility group. Is this true?

If I'm right, you are already running an HA SSO pair but with other WLC's mobility members in the same mobility group. If so, all the joined access-points will automatically receive the management IPv4 address of the other WLC's within the same group. This is not the case when other WLC's are in a different mobility group (and still configured in the mobility list of the HA SSO pair WLC).
There are also some other methods for the AP to learn about other WLC's:
- The configured primary, secondary and tertiary WLC on the AP itself
- Globally configured backup WLC
- If there is still no WLC to go to, the AP will go back to normal discovery process to find other WLC's.
You can verify which WLC's your access-point knows of on the access-point itself:
AP#show capwap client config
mwarName <- Name and IPv4 address of the configured primary WLC on the AP     
mwarIPAddress 0.0.0.0
mwarName <- Name and IPv4 address of the configured secondary WLC on the AP
mwarIPAddress 0.0.0.0
mwarName <- Name and IPv4 address of the configured tertiary WLC on the AP
mwarIPAddress 0.0.0.0
<< >>
Configured Switch 1 Addr x.x.x.1 <- Currently joined WLC
Configured Switch 2 Addr x.x.x.2 <- The next WLC from the mobility list within the same mobility group as the currently joined WLC
AP#show capwap client ha
primaryBackupWlcIp      0x0 <- IPv4 address and name of the first global backup WLC
primaryBackupWlcName
secondaryBackupWlcIp    0x0 <- IPv4 address and name of the secondary global backup WLC
secondaryBackupWlcName
So to make sure your access-points won't go to other controllers when you are upgrading, you need to make sure they don't know about the other ones and they can't learn about them either (like layer 3 broadcast, DHCP option 43, DNS).
Depending on your infrastructure, maybe something like a temporary ACL is less time consuming and less complex as well to get the same result in the end.
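The check described above can be scripted against saved output of the two commands. This Python sketch is an added example, not part of the original reply or any Cisco tooling: it lists every controller address the AP has learned that falls outside an allowed set. The sample output is constructed, and reading the 0x value as the IPv4 address in 32-bit integer form is an assumption.

```python
import ipaddress
import re

# Constructed sample output. Field names follow the reply above; all values are invented.
SAMPLE_CLIENT_CONFIG = """\
mwarName                WLC-HA
mwarIPAddress           10.10.10.5
mwarName
mwarIPAddress           0.0.0.0
mwarName
mwarIPAddress           0.0.0.0
Configured Switch 1 Addr 10.10.10.5
Configured Switch 2 Addr 10.10.20.5
"""
SAMPLE_CLIENT_HA = """\
primaryBackupWlcIp      0xA0A1E05
primaryBackupWlcName    WLC-DR
secondaryBackupWlcIp    0x0
secondaryBackupWlcName
"""

SLOTS = ("primary", "secondary", "tertiary")


def to_ip(token):
    """Parse dotted or 0x-hex IPv4; return None for unset or unparsable values."""
    token = token.strip()
    try:
        if token.lower().startswith("0x"):
            # Assumption: the hex form is the address as a 32-bit integer.
            ip = ipaddress.IPv4Address(int(token, 16))
        else:
            ip = ipaddress.IPv4Address(token)
    except ValueError:
        return None
    return ip if int(ip) != 0 else None


def parse_client_config(text):
    """Return (source, name, ip) for each usable entry of 'show capwap client config'."""
    entries, slot, name = [], 0, ""
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "mwarName":
            name = " ".join(fields[1:])
        elif fields[0] == "mwarIPAddress":
            # mwarName/mwarIPAddress pairs appear in primary, secondary, tertiary order.
            ip = to_ip(fields[1] if len(fields) > 1 else "")
            if ip is not None and slot < len(SLOTS):
                entries.append(("configured " + SLOTS[slot], name, ip))
            slot, name = slot + 1, ""
        else:
            m = re.match(r"\s*Configured Switch (\d+) Addr\s+(\S+)", line)
            ip = to_ip(m.group(2)) if m else None
            if ip is not None:
                entries.append(("Configured Switch " + m.group(1), "", ip))
    return entries


def parse_client_ha(text):
    """Return (source, name, ip) for each global backup WLC in 'show capwap client ha'."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"\s*(primary|secondary)BackupWlc(Ip|Name)\s*(.*)$", line)
        if m:
            values[(m.group(1), m.group(2))] = m.group(3).strip()
    entries = []
    for rank in ("primary", "secondary"):
        ip = to_ip(values.get((rank, "Ip"), ""))
        if ip is not None:
            entries.append(("global " + rank + " backup", values.get((rank, "Name"), ""), ip))
    return entries


def failover_targets(config_text, ha_text, allowed):
    """List every learned controller whose address is outside the allowed set."""
    allowed_ips = {ipaddress.IPv4Address(a) for a in allowed}
    learned = parse_client_config(config_text) + parse_client_ha(ha_text)
    return [(src, name, str(ip)) for src, name, ip in learned if ip not in allowed_ips]


if __name__ == "__main__":
    # The HA pair answers on one management address; anything else is a failover target.
    for src, name, ip in failover_targets(SAMPLE_CLIENT_CONFIG, SAMPLE_CLIENT_HA, {"10.10.10.5"}):
        print(f"{ip:<15} {src} {name}".rstrip())
```

An empty result means the AP holds no statically learned address outside the allowed set; discovery through broadcast, DHCP option 43 or DNS is not visible in this output and still has to be closed off separately.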

Similar Messages

  • 2 WLCS for failover

    Hi,
    I want to buy a second WLC. The equipment hasn't been ordered yet so I'm just trying to think ahead.
    As I understand it if I buy the second WLC and put it in the same mobility group then enable AP fallback that is all I have to do. Is that really it? They will be 2504's. The APs are Air Cap 36021-A-k9.
    What about adding the access points etc etc does that happen automatically and the config gets replicated? Again sorry to ask what might be a stupid question for many but I really know very little about wireless at the moment.
    Also is there an idiots guide somewhere for setting up guest wireless lans?
    Thanks,

    Consider a scenario where there are two Wireless LAN Controllers (WLCs) named WLC1 and WLC2. These WLCs are configured in the same subnet in one WLAN. In order to achieve high availability, this is how the WLAN is configured:
    - WLC1 and WLC2 are configured within the same mobility group.
    - Half of the access points are configured to use WLC1 as the primary WLC and use WLC2 as the secondary WLC.
    - The other half of the access points are configured to use WLC2 as the primary WLC and use WLC1 as the secondary WLC.
    - The fallback feature is enabled on both WLC1 and WLC2.
    Network Diagram
    Resolution
    If any of the WLCs go down, the access point that is joined to the failed WLC  recognizes this (keep alive (heartbeat) between access point and WLC). Therefore, the access point begins to join the good WLC, which still runs. This is not stateful failover, which means that the access point has to join the new WLC and therefore the wireless clients.
    Also, if either of the WLCs do not work and the affected access points re-register to the other WLC, then the wireless clients have to re-associate and therefore lose wireless connection during failover as it is not stateful failover. The failover is not transparent to the WLAN client. That is, the WLAN clients lose their WLAN connectivity during access point failover.
    Access points and clients are not affected on the WLC that runs. This means that the fallback of the access point is not transparent to the clients. Only access points and clients on the failed WLC are affected.
    In order to configure the WLAN Controller failover for Lightweight Access points, the Access Point must be configured correctly in a mobility group for the AP failover and each Wireless LAN Controller (WLC) must have the AP failover feature enabled.
    Configure the Fallback Feature on WLC
    The last step is to configure the Fallback feature on the controller. This feature ensures that the AP switches back to the first WLC when that WLC comes back on line. Complete these steps:
    - From the GUI, choose Controller > General. A list of options appears on the General screen.
    - For the AP Fallback option, choose Enabled from the drop-down menu.
    - Click Apply.
    Note: It is sufficient to enable the Fallback feature on the secondary controller alone. But it is recommended to configure it on the primary WLC as well because it can be configured as a secondary controller for other access points.
    http://www.cisco.com/image/gif/paws/69639/wlc_failover-12.gif
    After you complete these steps, the setup is configured for WLC failover. When the primary controller (WLC-1, in this case) goes down, the APs automatically get registered with the secondary controller (WLC-2). The APs register back to the primary controller when the primary controller comes back on line. AP switching between the primary and secondary controllers also affects the wireless clients associated with these APs.
    In controller software release 5.1.151.0, you can configure the wireless network so that the backup controller recognizes a join request from a higher-priority access point and, if necessary, disassociates a lower-priority access point as a means to provide an available port. In order to configure this feature, you must enable failover priority on the network and assign priorities to the individual access points. By default, all access points are set to priority level 1, which is the lowest priority level.
    Note: Be aware that Failover priority takes effect only if there are more association requests after a controller failure than there are available backup controller ports.
    Wireless LAN Controller Failover Priority
    During installation, Cisco recommends you connect all lightweight access points to a dedicated controller, and configure each lightweight access point for final operation. This step configures each lightweight access point for a primary, secondary, and tertiary controller and allows it to store the configured mobility group information. When sufficient controllers are deployed, if one controller fails, active access point client sessions are momentarily dropped while the dropped access point associates with another controller, which allows the client device to immediately reassociate and reauthenticate.
    You can also follow the link below (WLAN Controller Failover for Lightweight Access Points Configuration Example):
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml

  • Is it possible to use a 5500 WLC and a 2500 WLC as failover?

    I am curious to know if there are any technical issues with this design. The 5500 WLC would be the primary and 2500 WLC would be the secondary. The only need for the secondary would be in the event of failure of the primary, and support needs when doing maintenance such as code upgrades.
    We would use the same version of code on each controller and apply the necessary amount of AP licenses on each. The controllers would have identical configurations and host multiple SSID's, including offering guest services. Does the 2500 support guest network services?

    Yeah, believe the 2500 only does multicast-multicast mode. Which isn't that big of a deal usually. MM being the preferred method.
    The 2504 also has that 300M backplane limitation. So if you are going to use the 2504 I would recommend HREAP so you don't have to worry about that.
    Not supported on 2504.
    •Support for wired guest access.
    •Cisco 2500 Series Controller cannot be configured as an auto anchor controller. However you can configure it as a foreign controller.
    •Supports only multicast-multicast mode.
    •Bandwidth Contract feature is unsupported.
    •Access points plugged directly into the WLC.
    •Service port support
    •Apple Talk Bridging
    •LAG
    •Wired Guest
    Steve

  • WLC AP Failover Priority

    We use WCS to migrate AP's to "backup" controllers prior to making changes to our primary wireless controllers.
    However, this process is long and arduous when your AP's number in the hundreds; a 5-minute failover per AP can take hours.
    Changing the failover priority to "critical" would definitely speed up the process, but at what cost?
    Leaving them at "low" makes for a graceful migration.  Supplicants roam to another AP and are none the wiser.
    Besides the speed in which the AP's fail over to a secondary controller, what other differences are there between the AP failover priorities?
    Do the AP's, when set to "critical" no longer send disassociation frames to the clients?
    I've looked at design guides and FAQ's, but nothing says what happens, just that you can change the priorities.
    Thanks!
    Ven
    Running 7.0 code on 6k-WISM
    Multiple AP types.

    Ven,
    My understanding with the failover priority was that it was meant to classify the AP's into groups of importance in the event you lost a controller and had insufficient capacity to allow all the AP's onto the other controllers; those with the critical priority would be allowed to join a full controller and a lower priority AP would be dropped. I am not sure why that would make the failover happen quicker.
    HTH

  • WLC HA Failover on L2 Fibre Optic WAN

    Hi there,
    I am just wondering if the below scenario works, if the L2 Fibre Optic Wan link is down between the two DCs. Please refer to attached diagram.
    ======================================================================
    The Fibre link is L2 link, meaning that the VLANs are spanning between the 2 DCs.  HSRP is being used on all VLANs and DC1 being the primary active interface for all VLANs. In the event of the L2 Fibre Link failure, the VLAN interfaces on the respective core will become active, providing gateway access for all VLANs.
    The WLC HA pair is between the DCs via the L2 Fibre link and  the redundant port communication happens via the Fibre link.  WLC in DC1 is the Active box and the WLC in DC2 would be in “Standby hot” mode.
    When the L2 Fibre fails, the HA Primary box in DC1 will detect that it has lost communication to the standby box (via both redundant port and network) and will still continue to function in active state. The HA Secondary box in DC2 will detect the Primary failure (via both redundant port and network) and transition itself to Active state. In this scenario when the L2 link is down, both WLCs would be in active-active state.
    Upon the link coming back online, the WLC would be synced and goes into active-standby state.
    ===========================================================================
    Would the above scenario work, as I am unable to find any documentation describing about WLC HA setup which can run in “ACTIVE-ACTIVE” state.

    The redundant ports are to be connected via the core switch(on same VLAN )at the respective DCs.
    I doubt if this will work.  
    Redundancy Port
    This interface has a very important role in the new HA architecture. Bulk configuration during boot up and incremental configuration are synched from the Active WLC to the Standby WLC using the Redundant Port. WLCs in a HA setup will use this port to perform HA role negotiation. The Redundancy Port is also used in order to check peer reachability sending UDP keep-alive messages every 100 msec (default timer) from the Standby WLC to the Active WLC. Also, in the event of a box failure, the Active WLC will send notification to the Standby WLC via the Redundant Port. If the NTP server is not configured, a manual time synch is performed from the Active WLC to the Standby WLC on the Redundant Port. This port in case of standalone controller and redundancy VLAN in case of WISM-2 will be assigned an auto generated IP Address where last 2 octets are picked from the last 2 octets of Redundancy Management Interface (the first 2 octets are always 169.254).
    What you are proposing to do defeats the true purpose of HA SSO. So you depend entirely on a switch and if your fibre cuts, you are gone. Both WLCs go into Active-Active. What you are proposing to do is NOT what is intended for HA SSO. You might as well turn HA SSO off.
    Besides, with your setup, you don't need a Layer 1 issue. All you need is something as simple as a STP loop and *BOOM*, WLC will go into Active-Active.
    You might be able to get away with this if, you might say, you connect Redundant Ports (RPs) to fibre optic media converters. As long as there is nothing in between both converters then this might even work (as long as neither one of the media converters loses power).
    Can you also specify what kind of WLC/WiSM you are planning to use? This design of yours doesn't call for a WiSM-2, does it?

  • Multiple WLC and AP secondary config

    Hi all, we have 2 WLC, each licensed for 12 AP's. Here is the issue: we will have up to 20 AP's in our environment. No problem getting each AP assigned to a primary controller. My question is assigning an AP to a secondary. If I assign 10 AP's to each as a primary, and then have each assigned to the other controller as a secondary, in the event we lose 1 controller the other will now have 20 AP's associating with it. How does the WLC handle this situation? Just accept the first 2 requests then ignore all the other 8 requests?

    Hi Jeffrey,
    Just to add a note to the great tips from Dan and Leo (+5 points each guys!)
    One of the recommended designs for WLC/AP failover and redundancy is referred to as the "n+1" rule. So in your design you would add a third WLC that had no AP's associated to it. It would be licensed for either 12 or 25 AP's. 12 in case one of your WLC's fails or 25 in case both active WLC's fail :)
    WLAN Controller Failover for Lightweight Access Points Configuration Example
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml#c4
    Hope this helps!
    Rob

  • How to replace faulty Flex 7510 WLC on HA

    Hi guys,
    I have a faulty secondary 7510 controller (on HA) and going to replace with a new one. How do I go about this?
    What steps should I take?
    Anyone done this before?
    Thanks in advance.

    You need the new WLC and configure it as secondary with a few basic configuration items, which is automatic via the start-up script. Make sure the settings are the same on the new WLC as before on the secondary.
    Mobility MAC, redundancy port and MG are the same and the remaining info will be synced to the secondary WLC, and failover occurs when the primary goes down.
    More detail is given as below.
    Ref: http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1130-ag-series/qa_c67-714540.html

  • N+1 redundancy and different mobility groups

    Is it possible to backup 2 controllers with 2 different mobility groups (for example GROUP1 and GROUP2) to the same backup controller (running HA SKU N+1 (7.4)) ?
    Since a controller can only be configured in 1 mobility group, this doesn't seem to be possible. Can someone confirm ?
    regards,
    Geert

    Hello,
    As per your query i can suggest you the following solution-
    In all Wireless LAN Controller (WLC) versions earlier than 4.2.61.0, when a WLC goes "down," the LAP registered to this WLC can failover only to another WLC of the same Mobility Group, if the LAP is configured for failover. From Cisco WLC version 4.2.61.0 and later, a new feature called Backup Controller Support is introduced for access points to failover to controllers even outside the Mobility Group. Refer to Wireless LAN Controller and Light Weight Access Points Failover Outside the Mobility Group Configuration Example for more information.
    Hope this will help you.

  • N+1 5508 WLC failover test

    Good day all,
    I have a question about the N+1 5508 failover test:
    Should I shutdown one of the primary WLC to test failover?
    I just set up the N+1 backup WLC (5508).
    Based on: http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide.pdf
    We have two production WLCs both 5508 and one 4405.
    We just purchased another HA-SKU WLC 5508.
    All our four WLCs had been setup into one mobility group in version 7.4.100.6.
    Their neighbors are all up.
    But our test AP could not register to the Backup N+1 WLC. ( We are using option 43 in our DHCP server for all the AP boot.)
    Here are the log screen:
    ================ From test Access Point============
    *Mar  1 00:00:53.099: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
    *Mar  1 00:00:53.842: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.255.1.3, mask 255.255.255.0, hostname wo11-test-ap1
    *Mar  1 00:00:54.188: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:55.188: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:55.279: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:00:56.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:03.820: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.254.240.5 obtained through DHCP
    *Mar  1 00:01:03.820: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Mar  1 00:01:13.823: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.5 peer_port: 5246
    *Aug  2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
    *Aug  2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.254.240.5:5246
    *Aug  2 02:31:55.001: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.23 peer_port: 5246
    *Aug  2 02:30:55.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.254.240.23 peer_port: 5246
    *Aug  2 02:30:55.493: %CAPWAP-5-SENDJOIN: sending Join Request to 10.254.240.23
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.254.240.23
    *Aug  2 02:30:55.874: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Aug  2 02:30:55.931: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Aug  2 02:30:55.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WG-WLC1
    *Aug  2 02:30:56.041: ac_first_hop_mac - IP:10.255.1.1 Hop IP:10.255.1.1 IDB:BVI1
    *Aug  2 02:30:56.041: Setting AC first hop MAC: ccef.481f.14bf
    -test-ap1#sh int bvI 1
    BVI1 is up, line protocol is up
      Hardware is BVI, address is e8b7.489e.4645 (bia e8b7.489e.4645)
      Internet address is 10.255.1.3/24
    ===================From backup N+1 WLC===
    *spamApTask4: Aug 02 11:41:09.842: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:41:01.889: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:40:57.912: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:40:55.924: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:18:50.553: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:42.600: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:38.623: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:36.636: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *mmListen: Aug 02 10:43:38.637: #LOG-3-Q_IND: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
    *spamApTask0: Aug 02 10:43:38.500: #LWAPP-3-DISC_MAX_DOWNLOAD: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
    ==================== From one of our Primary WLC=====================
    (WLC-5500) >show advanced backup-controller
    AP primary Backup Controller .................... ODC-WLC1 10.254.240.5
    AP secondary Backup Controller ..................  0.0.0.0
    (WLC-5500) >show redundancy summary
    Redundancy Mode = SSO DISABLED
         Local State = ACTIVE
          Peer State = N/A
                Unit = Primary
             Unit ID = 54:75:D0:DE:DE:40
    Redundancy State = N/A
        Mobility MAC = 54:75:D0:DE:DE:40
    Redundancy Management IP Address................. 0.0.0.0
    Peer Redundancy Management IP Address............ 0.0.0.0  
    Redundancy Port IP Address....................... 0.0.0.0
    Peer Redundancy Port IP Address.................. 169.254.0.0
    (WLC-5500) >show license capacity
    Licensed Feature    Max Count         Current Count     Remaining Count
    AP Count            250               203               47
    ==============From the Backup N+1 WLC in DR =====================
    (Cisco Controller) >show redundancy summary
    Redundancy Mode = SSO DISABLED
         Local State = ACTIVE
          Peer State = N/A
                Unit = Secondary - HA SKU
             Unit ID = 6C:41:6A:5F:4C:80
    Redundancy State = N/A
        Mobility MAC = 6C:41:6A:5F:4C:80
    Redundancy Management IP Address................. 10.254.240.3
    Peer Redundancy Management IP Address............ 0.0.0.0
    Redundancy Port IP Address....................... 169.254.240.3
    Peer Redundancy Port IP Address.................. 169.254.0.0
    (Cisco Controller) >show license capacity
    Licensed Feature    Max Count         Current Count     Remaining Count
    AP Count            500               0                 500

    Current AP High Availability Configuration:
    2nd Step, shutdown the LAN Switch ports on which the Primary WLC is connected so I force the AP going to HA SKU WLC.
    DC-WiFi-SVC1-LAB(config)#inter
    DC-WiFi-SVC1-LAB(config)#interface por
    DC-WiFi-SVC1-LAB(config)#interface port-
    DC-WiFi-SVC1-LAB(config)#interface port-channel 3
    DC-WiFi-SVC1-LAB(config-if)#shut
    DC-WiFi-SVC1-LAB(config-if)#
    Log in the AP after shutdown:
    Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 2)
    *Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 2)
    *Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 3)
    *Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 7)
    *Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 8)
    *Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Jan 15 15:52:45.307: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.23.111.23:5246
    *Jan 15 15:52:45.371: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
    *Jan 15 15:52:45.371: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
    *Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Jan 15 15:52:45.395: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:46.015: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:46.383: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:46.423: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:46.431: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 0 down
    *Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 1 down
    *Jan 15 15:52:47.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:47.423: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:47.451: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:47.459: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:47.467: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:48.451: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:48.459: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:48.487: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:49.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Selected MWAR 'DC-WiFi-WLC1-0'(index 1).
    *Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Jan 15 15:52:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.23.111.20 peer_port: 5246
    *Jan 15 15:52:44.467: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.23.111.20 peer_port: 5246
    *Jan 15 15:52:44.471: %CAPWAP-5-SENDJOIN: sending Join Request to 172.23.111.20
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 172.23.111.20
    *Jan 15 15:52:44.927: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:44.995: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:45.003: ac_first_hop_mac - IP:10.219.96.1 Hop IP:10.219.96.1 IDB:BVI1
    *Jan 15 15:52:45.007: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
    *Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    *Jan 15 15:52:45.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:45.971: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:45.979: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jan 15 15:52:46.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:46.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:46.999: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5520 MHz for 60 seconds.
    *Jan 15 15:52:47.003: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:47.015: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:47.023: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:48.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:48.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:48.047: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:49.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    APe4d3.f11e.a8e1#         
    3rd Step, verifying the LOG on the AP and check if it can connect to the HA SKU WLC
    *Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
    *Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    CONCLUSION:
    I needed to activate the EVALUATION LICENSE in the HA SKU WLC which had status = EULA NOT ACCEPTED. I will test the SSID's in order to confirm that redundancy using HA SKU WLC works fine.
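Reading a failover test out of an AP console log like the ones quoted in this thread comes down to pairing each DTLS request with its outcome. This Python sketch is an added example, not code from either poster or from Cisco: the sample log is constructed (documentation-range addresses, invented controller name), it follows the message formats quoted above, and it relies on line order because the AP clock jumps during join.

```python
import re

# Constructed AP console log. Message formats follow the logs quoted in this thread;
# the addresses (RFC 5737 range) and the controller name are invented.
SAMPLE_LOG = """\
*Aug  2 02:30:40.000: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.0.2.5 obtained through DHCP
*Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.0.2.5 peer_port: 5246
*Aug  2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
*Aug  2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.0.2.5:5246
*Aug  2 02:31:56.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.0.2.23 peer_port: 5246
*Aug  2 02:31:56.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.0.2.23 peer_port: 5246
*Aug  2 02:31:56.493: %CAPWAP-5-SENDJOIN: sending Join Request to 192.0.2.23
*Aug  2 02:31:56.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller LAB-WLC1
"""

OPTION43 = re.compile(r"%CAPWAP-5-DHCP_OPTION_43: Controller address (\S+) obtained through DHCP")
DTLS_REQ = re.compile(r"%CAPWAP-5-DTLSREQSEND: .*peer_ip: (\S+)")
DTLS_OK = re.compile(r"%CAPWAP-5-DTLSREQSUCC: .*peer_ip: (\S+)")
DTLS_FAIL = re.compile(r"DTLS_CLIENT_ERROR: .*Max retransmission count reached")
JOINED = re.compile(r"%CAPWAP-5-JOINEDCONTROLLER: AP has joined controller (\S+)")


def option43_controllers(log_text):
    """Controller addresses the AP says it learned from DHCP option 43."""
    return OPTION43.findall(log_text)


def join_attempts(log_text):
    """One record per DTLS request, in log order, with its DTLS and join outcome."""
    attempts = []
    for line in log_text.splitlines():
        m = DTLS_REQ.search(line)
        if m:
            attempts.append({"peer": m.group(1), "dtls": "no reply logged", "joined": None})
            continue
        if not attempts:
            continue  # nothing to attach an outcome to yet
        last = attempts[-1]
        m = DTLS_OK.search(line)
        if m and m.group(1) == last["peer"]:
            last["dtls"] = "ok"
        elif DTLS_FAIL.search(line):
            last["dtls"] = "failed"
        else:
            m = JOINED.search(line)
            # A join only counts for a peer whose DTLS session came up.
            if m and last["dtls"] == "ok":
                last["joined"] = m.group(1)
    return attempts


def landed_on(log_text, expected_peer):
    """True only if the last join attempt in the log ended joined to expected_peer."""
    attempts = join_attempts(log_text)
    if not attempts:
        return False
    final = attempts[-1]
    return final["peer"] == expected_peer and final["joined"] is not None


if __name__ == "__main__":
    print("option 43:", option43_controllers(SAMPLE_LOG))
    for a in join_attempts(SAMPLE_LOG):
        print(a["peer"], a["dtls"], a["joined"] or "-")
    print("joined expected backup:", landed_on(SAMPLE_LOG, "192.0.2.5"))
```

On the constructed log the AP gives up on the option 43 controller after the DTLS retransmission limit and joins a different one, so the check against the intended backup address returns False.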

  • WLC 5500 mobility group failover

    Hey,
    I have a question. I am testing a mobility group with failover for a redundant connection between 2 Cisco 5500 WLCs.
    On both controllers I got mobility working, and both controllers have the same version and configuration.
    But when I unplug the main controller, the access points don't convers to the second one. They just keep on screaming that they can't find the main controller.
    Also, with this, does the second WLC need to have the same interface IP address, like management?
    Thanks

    What do you mean by "convers"? An AP will only join one WLC, and when that primary WLC is no longer available, it should fail over to the other/secondary WLC. Mobility is required for an AP to know about all the other APs in that mobility group. And if it is not configured correctly, your AP will only be able to join that WLC.
    Thanks,
    Scott Fella

  • WLC Failover configuration

    Hello,
    I want to deploy two WLC 5508s running software version 7.0.116.0 in failover mode.
    I read the documentation, and it says that the two WLCs must have the same configuration.
    I want to be sure that I've understood correctly.
    For all the interfaces, each appliance must have a different IP. I mean, if WLC1 has the interfaces "ap-manager", "management" and "dynamic interfaces" on .1, I suppose that WLC2 should have the same interfaces with .2 IPs.
    Am I right?
    Thanks in advance

    The 5508 does not have an ap-manager unless you specifically create one. I would not create one and would use the default management interface.
    Yes, the WLCs should have the exact same config, except for the interface IP addresses and of course the hostname.
    Hostname: WLC1
    Management IP: 10.200.100.5
    Virtual: 1.1.1.1
    Dynamic Interface 1: 10.200.105.5
    Dynamic Interface 2: 10.200.110.5
    Hostname: WLC2
    Management IP: 10.200.100.6
    Virtual: 1.1.1.1
    Dynamic Interface 1: 10.200.105.6
    Dynamic Interface 2: 10.200.110.6

  • MSE NMSP status inactive after WLC 5508 HA failover

    I have a customer who has a Prime Infrastructure 2.0 server and an MSE 7.4 server for Context Aware Services. The MSE also has the AeroScout Tag Engine for tracking the AeroScout RFID tags it has deployed. They have a WLC 5508 HA pair running version 7.4 at their main campus, and two other standalone WLC 5508s at 2 other smaller campuses. The issue they are having is that when a failover of the WLC 5508 HA pair occurs at their main campus, they lose tracking of the WiFi and AeroScout clients. The other WLCs are not affected.
    When this happens, Prime Infrastructure shows the NMSP status of the WLC 5508 HA pair as inactive. The PI gives the message that the time of the WLC is before the MSE. But the PI, MSE, and WLCs are all synced to the same campus NTP server, and the time shows the same time down to the second. I can get the WLC communicating with the MSE again by removing the assignment of the WLC to the MSE, then re-adding it to the MSE a few minutes later.
    We are not sure why the WLC 5508 HA pair occasionally fails over to the standby or back to the primary. We have not seen any cause for the HA pair failover. Is there something we need to do to the WLC HA pair so that NMSP still works if a failover of the WLC occurs? The customer is planning on converting one of their other standalone WLCs to an HA pair also.

    That is what I have been doing. But the problem is that I have had to do this about 3 times in the last 6 weeks. Each time correlates with a failover of the WLC 5508 pair. Will this have to be done each time there is a failover, or is there some setting on the WLCs, MSE, or Prime Infrastructure that can prevent having to manually un-assign, then re-assign the WLC to the MSE?

  • WLC Failover again..

    Hello,
    I'm still involved in the deployment of 55 APs with 3 4402 WLCs in different cities, and I'm still having trouble with the failover configuration. I configured the APs with static IPs, and then configured the primary, secondary and tertiary WLC addresses using fully qualified names. These names are stored in the master and secondary DNS servers, and are resolved flawlessly. Ports in the firewalls are open, so I made several tests, all of them without success.
    Then, I took one of the APs, entered debug mode (with a serial cable) and found the issue: DNS queries were sent to the broadcast IP (255.255.255.255), not unicast to the master DNS.
    So that's my question: is there any way to set up DNS resolution on LWAPP APs working with static IPs? If I set them to DHCP, with the proper DNS address, I can resolve the primary, secondary and tertiary WLC on each AP, but in my deployment I'd prefer to use static addressing.
    Thank you in advance,
    Ignacio Siles

    You said you configured the static IP for the APs, but did you configure the DNS server for the APs? I have never used static IP, so I'm not sure where you can configure the DNS server for it.
    Also, the AP uses the configured primary, secondary and tertiary controller information to select which controller to join after it has received the controllers' responses to the AP LWAPP discovery; it does not use them to discover controllers. Before the AP learns the candidate controllers from DHCP or DNS resolution, those primary, secondary and tertiary controller settings are of no use to the AP.
    Now it looks like the AP does not know where the DNS server is. Not sure if you configured that correctly.
    The last thing: you should set the controllers' system names in the primary, secondary and tertiary controller fields, not the FQDN. If your controllers' FQDNs are the same as their system names, it is OK.

  • WLC - Failover (clients)

    The AP is registered to the primary WLC. Will clients stay connected to the WLAN when the AP fails over to the secondary WLC?
    WLAN1 -> WPA2 (TKIP) + PSK.
    WLAN2 -> WPA2 (TKIP) + 802.1x
    Please advise.

    Unfortunately, clients are disconnected from an AP when associating to a new controller.

  • WLC failover

    Hey,
    I have two WLC 4000s configured as failover.
    Does the configuration synchronize between the two WLCs?

    No, it doesn't sync configuration. You need to configure each WLC and make sure that both are in the same mobility group in order for the APs to know of both WLCs.
    You would need to configure the access points with a primary, secondary or tertiary WLC, in order for that AP to know which WLC it should be joined with.
