WLC Failover Question

Hi All
Can anyone give me a definitive answer to this question please?
If you are using a pair of wireless LAN controllers configured with primary and secondary controllers for the access points and the primary controller fails - do the access points reboot before associating to the secondary controller? I can't see why they would need to but documentation suggests they do.
Additionally, has anyone significantly reduced the failover time? If so, what is the lowest practical failover time? I know the actual failover time can be reduced to 3 seconds but I think that is likely to cause other problems.
Thanks guys.
Regards
Roger

As far as I know, in this case the AP does not reboot; it only changes its LWAPP status to discovery and begins the discovery process.
You can see whether the AP has restarted: when it is registered on the second WLC, go to the Wireless tab and select the affected AP; normally in the first tab you can see, at the bottom right, the AP up time and the AP association time; if this AP has rebooted, this value will be close to 00:00.
Normally I set the AP heartbeat timeout to 5 seconds. I don't know if it is the best value, and my failover time is bigger than yours. I don't know how critical your network is, but I prefer a higher heartbeat timeout to avoid unnecessary AP changes that spend more time.
Best Regards.

Similar Messages

  • N+1 5508 WLC failover test

    Good day all,
    I have a question about the N+1 5508 failover test:
    Should I shutdown one of the primary WLC to test failover?
    I just set up the N+1 backup WLC (5508).
    Based on: http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide.pdf
    We have two production WLCs both 5508 and one 4405.
    We just purchased another HA-SKU WLC 5508.
    All our four WLCs had been setup into one mobility group in version 7.4.100.6.
    Their neighbors are all up.
    But our test AP could not register to the Backup N+1 WLC. ( We are using option 43 in our DHCP server for all the AP boot.)
    Here is the log screen:
    ================ From test Access Point============
    *Mar  1 00:00:53.099: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
    *Mar  1 00:00:53.842: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.255.1.3, mask 255.255.255.0, hostname wo11-test-ap1
    *Mar  1 00:00:54.188: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:55.188: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:55.279: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:00:56.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:03.820: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.254.240.5 obtained through DHCP
    *Mar  1 00:01:03.820: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Mar  1 00:01:13.823: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.5 peer_port: 5246
    *Aug  2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
    *Aug  2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.254.240.5:5246
    *Aug  2 02:31:55.001: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.23 peer_port: 5246
    *Aug  2 02:30:55.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.254.240.23 peer_port: 5246
    *Aug  2 02:30:55.493: %CAPWAP-5-SENDJOIN: sending Join Request to 10.254.240.23
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.254.240.23
    *Aug  2 02:30:55.874: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Aug  2 02:30:55.931: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Aug  2 02:30:55.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WG-WLC1
    *Aug  2 02:30:56.041: ac_first_hop_mac - IP:10.255.1.1 Hop IP:10.255.1.1 IDB:BVI1
    *Aug  2 02:30:56.041: Setting AC first hop MAC: ccef.481f.14bf
    -test-ap1#sh int bvI 1
    BVI1 is up, line protocol is up
      Hardware is BVI, address is e8b7.489e.4645 (bia e8b7.489e.4645)
      Internet address is 10.255.1.3/24
    ===================From backup N+1 WLC===
    *spamApTask4: Aug 02 11:41:09.842: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:41:01.889: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:40:57.912: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:40:55.924: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:18:50.553: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:42.600: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:38.623: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:36.636: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *mmListen: Aug 02 10:43:38.637: #LOG-3-Q_IND: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
    *spamApTask0: Aug 02 10:43:38.500: #LWAPP-3-DISC_MAX_DOWNLOAD: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
    ==================== From one of our Primary WLC=====================
    (WLC-5500) >show advanced backup-controller
    AP primary Backup Controller .................... ODC-WLC1 10.254.240.5
    AP secondary Backup Controller ..................  0.0.0.0
    (WLC-5500) >show redundancy summary
    Redundancy Mode = SSO DISABLED
         Local State = ACTIVE
          Peer State = N/A
                Unit = Primary
             Unit ID = 54:75:D0:DE:DE:40
    Redundancy State = N/A
        Mobility MAC = 54:75:D0:DE:DE:40
    Redundancy Management IP Address................. 0.0.0.0
    Peer Redundancy Management IP Address............ 0.0.0.0  
    Redundancy Port IP Address....................... 0.0.0.0
    Peer Redundancy Port IP Address.................. 169.254.0.0
    (WLC-5500) >show license capacity
    Licensed Feature    Max Count         Current Count     Remaining Count
    AP Count            250               203               47
    ==============From the Backup N+1 WLC in DR =====================
    (Cisco Controller) >show redundancy summary
    Redundancy Mode = SSO DISABLED
         Local State = ACTIVE
          Peer State = N/A
                Unit = Secondary - HA SKU
             Unit ID = 6C:41:6A:5F:4C:80
    Redundancy State = N/A
        Mobility MAC = 6C:41:6A:5F:4C:80
    Redundancy Management IP Address................. 10.254.240.3
    Peer Redundancy Management IP Address............ 0.0.0.0
    Redundancy Port IP Address....................... 169.254.240.3
    Peer Redundancy Port IP Address.................. 169.254.0.0
    (Cisco Controller) >show license capacity
    Licensed Feature    Max Count         Current Count     Remaining Count
    AP Count            500               0                 500

    Current AP High Availability Configuration:
    2nd Step, shutdown the LAN Switch ports on which the Primary WLC is connected so I force the AP going to HA SKU WLC.
    DC-WiFi-SVC1-LAB(config)#inter
    DC-WiFi-SVC1-LAB(config)#interface por
    DC-WiFi-SVC1-LAB(config)#interface port-
    DC-WiFi-SVC1-LAB(config)#interface port-channel 3
    DC-WiFi-SVC1-LAB(config-if)#shut
    DC-WiFi-SVC1-LAB(config-if)#
    Log in the AP after shutdown:
    Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 2)
    *Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 2)
    *Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 3)
    *Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 7)
    *Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 8)
    *Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Jan 15 15:52:45.307: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.23.111.23:5246
    *Jan 15 15:52:45.371: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
    *Jan 15 15:52:45.371: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
    *Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Jan 15 15:52:45.395: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:46.015: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:46.383: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:46.423: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:46.431: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 0 down
    *Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 1 down
    *Jan 15 15:52:47.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:47.423: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:47.451: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:47.459: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:47.467: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:48.451: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:48.459: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:48.487: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:49.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Selected MWAR 'DC-WiFi-WLC1-0'(index 1).
    *Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Jan 15 15:52:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.23.111.20 peer_port: 5246
    *Jan 15 15:52:44.467: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.23.111.20 peer_port: 5246
    *Jan 15 15:52:44.471: %CAPWAP-5-SENDJOIN: sending Join Request to 172.23.111.20
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 172.23.111.20
    *Jan 15 15:52:44.927: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:44.995: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:45.003: ac_first_hop_mac - IP:10.219.96.1 Hop IP:10.219.96.1 IDB:BVI1
    *Jan 15 15:52:45.007: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
    *Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    *Jan 15 15:52:45.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:45.971: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:45.979: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jan 15 15:52:46.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:46.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:46.999: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5520 MHz for 60 seconds.
    *Jan 15 15:52:47.003: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:47.015: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:47.023: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:48.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:48.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:48.047: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:49.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    APe4d3.f11e.a8e1#         
    3rd Step, verifying the LOG on the AP and check if it can connect to the HA SKU WLC
    *Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
    *Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    CONCLUSION:
    I needed to activate the EVALUATION LICENSE in the HA SKU WLC which had status = EULA NOT ACCEPTED. I will test the SSID's in order to confirm that redundancy using HA SKU WLC works fine.
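
An added example, not part of the original posts: a short Python triage script that reads AP console lines like those in this thread and reports, per controller IP, how far the CAPWAP/DTLS join got, which controller the AP ended up on, and whether the AP returned to discovery. The sample lines are copied from the two log excerpts above; the function name, result fields and the boot-clock heuristic are assumptions of this example.

```python
import re

# Lines copied from the first AP log excerpt above (test AP booting).
SAMPLE_BOOT_LOG = """\
*Mar  1 00:01:03.820: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.254.240.5 obtained through DHCP
*Mar  1 00:01:13.823: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.5 peer_port: 5246
*Aug  2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
*Aug  2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.254.240.5:5246
*Aug  2 02:31:55.001: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.23 peer_port: 5246
*Aug  2 02:30:55.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.254.240.23 peer_port: 5246
*Aug  2 02:30:55.493: %CAPWAP-5-SENDJOIN: sending Join Request to 10.254.240.23
*Aug  2 02:30:55.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WG-WLC1
"""

# Lines copied from the second AP log excerpt above (switch port shut down).
SAMPLE_FAILOVER_LOG = """\
*Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Jan 15 15:52:45.307: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.23.111.23:5246
*Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 15 15:52:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.23.111.20 peer_port: 5246
*Jan 15 15:52:44.467: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.23.111.20 peer_port: 5246
*Jan 15 15:52:44.471: %CAPWAP-5-SENDJOIN: sending Join Request to 172.23.111.20
*Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
"""

# Patterns for the AP console messages that appear in the excerpts.
DTLS_SENT = re.compile(r"%CAPWAP-5-DTLSREQSEND: .*peer_ip: (\S+) peer_port: (\d+)")
DTLS_OK = re.compile(r"%CAPWAP-5-DTLSREQSUCC: .*peer_ip: (\S+) peer_port: (\d+)")
DTLS_TIMEOUT = re.compile(r"DTLS_CLIENT_ERROR: .*Max retransmission count reached")
JOIN_SENT = re.compile(r"%CAPWAP-5-SENDJOIN: sending Join Request to (\S+)")
JOINED = re.compile(r"%CAPWAP-5-JOINEDCONTROLLER: AP has joined controller (\S+)")
REDISCOVER = re.compile(r"GOING BACK TO DISCOVER MODE")
# Heuristic (assumption of this example): lines stamped "Mar  1 00:.." come
# from an AP whose clock is not yet set, which suggests it has just booted.
BOOT_CLOCK = re.compile(r"^\*?Mar\s+1 00:")


def summarize(log_text):
    """Return per-controller join outcomes plus reboot/rediscovery indicators."""
    peers = {}      # controller IP -> {"port": int, "state": str}
    current = None  # IP of the controller the AP is currently trying
    result = {"peers": peers, "joined_name": None, "joined_ip": None,
              "rediscover_events": 0, "boot_clock_seen": False}
    for raw in log_text.splitlines():
        line = raw.strip()
        if BOOT_CLOCK.match(line):
            result["boot_clock_seen"] = True
        if REDISCOVER.search(line):
            # The AP dropped its controller and restarted CAPWAP discovery.
            result["rediscover_events"] += 1
            current = None
            continue
        m = DTLS_SENT.search(line)
        if m:
            current = m.group(1)
            peers[current] = {"port": int(m.group(2)), "state": "dtls_requested"}
            continue
        m = DTLS_OK.search(line)
        if m:
            current = m.group(1)
            peers.setdefault(current, {"port": int(m.group(2))})["state"] = "dtls_ok"
            continue
        if DTLS_TIMEOUT.search(line) and current in peers:
            # Handshake to the controller being tried never completed.
            peers[current]["state"] = "dtls_timeout"
            continue
        m = JOIN_SENT.search(line)
        if m and m.group(1) in peers:
            current = m.group(1)
            peers[current]["state"] = "join_sent"
            continue
        m = JOINED.search(line)
        if m and current in peers and peers[current]["state"] == "join_sent":
            peers[current]["state"] = "joined"
            result["joined_name"], result["joined_ip"] = m.group(1), current
    return result


if __name__ == "__main__":
    for name, text in (("boot", SAMPLE_BOOT_LOG), ("failover", SAMPLE_FAILOVER_LOG)):
        r = summarize(text)
        print(name, "joined:", r["joined_name"], r["joined_ip"],
              "rediscover:", r["rediscover_events"], "boot clock:", r["boot_clock_seen"])
        for ip, info in r["peers"].items():
            print("   ", ip, info["port"], info["state"])
```

A controller left in `dtls_timeout` while another reaches `joined` is the pattern in the first excerpt, where the backup WLC logged "Failed to create DTLS connection" for the same AP.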

  • Centralized WLC Design Question

    Dears,
    In my scenario, I am designing a centralized WLC deployment. I have 30 APs in Building X (200 users) and 20 APs in Building Y (150 users). I am planning to install an HA WLC cluster where the primary & secondary WLC will reside in physically different data centers A & B.
    I have a wireless design question and I am not able to get clear answers. Please refer to the attached drawing and answer the following queries:
    If Building X users want to talk to Building Y users, then how will control & data traffic flow between Buildings X & Y? Would all the traffic go to the primary WLC from the Bldg X APs first and then be rerouted back to the Building Y APs? Can I achieve direct switching between Bldg X & Y APs without going toward the WLC?
    If Building X & Y users want to access the Internet, how would the traffic flow? Would the X & Y APs tunnel all the traffic towards the WLC, and then it will be routed to the Internet gateway? Is it possible for the Bldg X & Y APs to send traffic directly towards the Internet gateway without going to the controllers?
    I have planned to put the WLCs at physically different locations in different DCs A & B. Is it recommended to have such a design? What would be the failover traffic volume if the primary WLC goes down and the secondary controller takes over?
    My reason to go for a centralized deployment is that I want to achieve centralized authentication with local switching. Please give your recommendations and feedback.
    Regards,
    Rameez

    If Building X users want to talk to Building Y users, then how will control & data traffic flow between Buildings X & Y? Would all the traffic go to the primary WLC from the Bldg X APs first and then be rerouted back to the Building Y APs? Can I achieve direct switching between Bldg X & Y APs without going toward the WLC?
              Traffic flows to the WLC that is the primary for the APs, then it's routed over your network.
    If Building X & Y users want to access the Internet, how would the traffic flow? Would the X & Y APs tunnel all the traffic towards the WLC, and then it will be routed to the Internet gateway? Is it possible for the Bldg X & Y APs to send traffic directly towards the Internet gateway without going to the controllers?
              The WLC isn't a router, so you would have to put the Internet traffic on a subnet and route.
    I have planned to put the WLCs at physically different locations in different DCs A & B. Is it recommended to have such a design? What would be the failover traffic volume if the primary WLC goes down and the secondary controller takes over?
              Like I mentioned earlier, the two HA WLCs have to be on the same layer 2 subnet in order for you to use HA. The guide mentions an Ethernet cable to connect both the HA ports on the WLC.
    Thanks,
    Scott
    Help out others by using the rating system and marking answered questions as "Answered"

  • WLC Failover again..

    Hello,
    I'm still involved in the deployment of 55 APs with 3 4402 WLCs in different cities, and I'm still having trouble with failover configuration. I configured the APs with static IPs, and then configured the primary, secondary and tertiary WLC addresses, providing fully qualified names. These names are stored in the master and secondary DNS servers, and are resolved flawlessly. Ports in the firewalls are opened, so I made several tests, all of them without success.
    Then, I took one of the APs and entered debug mode (with a serial cable) and found the issue: DNS queries were sent to the broadcast IP (255.255.255.255), not unicast to the master DNS.
    So that's my question: Is there any way to set DNS resolution in LWAPP APs working with static IP? If I set them to DHCP, with the proper DNS address, I can resolve primary, secondary and tertiary WLC for each AP, but in my deployment I'd prefer to use static addressing.
    Thank you in advance,
    Ignacio Siles

    You said you configured the static IP for the APs, but did you configure the DNS server for the APs? I have never used static IP, not sure where you can configure the DNS server for it.
    Also, the AP uses the configured primary, secondary and tertiary controller information to select which controller to join after it has received the controllers' responses to the AP's LWAPP discovery; it does not use them to discover controllers. Before the AP learns the candidate controllers from DHCP or DNS resolution, those primary, secondary and tertiary controller settings are of no use to the AP.
    Now it looks like the AP does not know where the DNS server is. Not sure if you configured that correctly.
    The last thing: you should set the controllers' system names in the primary, secondary and tertiary controller fields, not the FQDN. If your controllers' FQDNs are the same as their system names, it is OK.

  • Understanding Flexconnect - Local vs Central Switching, and WLC failover scenario ??

    Hello Experts
    We have one WLC 5508 in Building1, few 2700 Series AP in Building1, and one 1252AG in Building2. The LAN subnet is same for both Buildings connected via a dark fiber.
    My requirement is to have Central Switching in Building1 since the WLC is located locally, and Local Switching in Building2 to avoid inter-building traffic; for both Buildings we already have one VLAN/IP Subnet. (Both Buildings access resources from a central Datacenter which hosts all the servers.)
    Questions:
    1. Is the above scenario possible using single SSID ? My understanding is that one WLAN+SSID can't have both Local and Central switching enabled.
    2. In Flexconnect Central Switching mode, during WLC failure, does the switching change to Local switching automatically ?
    3. When I choose Local Switching for a specific WLAN, does it Locally switch always , or does it Locally switch only when WLC is down ?
    4. We want to use Microsoft PEAP using AD User Authentication. When Local Authentication is enabled on WLC, I understand that when WLC fails (and RADIUS Server is still reachable), can we still have the AP directly contact RADIUS server as a direct client and provide 802.1X Microsoft PEAP authentication. Guess this is Primary Backup Radius Server configuration. Is this understanding correct ?
    Thanks.

    Hi
    The LAN subnet is same for both Buildings connected via a dark fiber.
    If this is the case there is no need for FlexConnect, as you have enough bandwidth & the same L2 extended in those two buildings. Typically FlexConnect is for branch deployments where WAN link bandwidth is a concern.
    Anyway if you want to do this & here is the answer for your specific queries.
    1. Is the above scenario possible using single SSID ? My understanding is that one WLAN+SSID can't have both Local and Central switching enabled.
    You can have both local switching & central switching available for a given SSID. Only FlexConnect mode AP will do Local switching & all Local mode AP will do central switching, though both using the same SSID.
    2. In Flexconnect Central Switching mode, during WLC failure, does the switching change to Local switching automatically ?
    No, if it is a central switching SSID, when the WLC is not available the client won't be able to join this SSID. It does not fall back to Local switching.
    3. When I choose Local Switching for a specific WLAN, does it Locally switch always , or does it Locally switch only when WLC is down ?
    This is applicable only to FlexConnect mode APs & it always does local switching if that is configured. If the WLC is not reachable, the AP will go into "standalone mode" & still do local switching.
    4. We want to use Microsoft PEAP using AD User Authentication. When Local Authentication is enabled on WLC, I understand that when WLC fails (and RADIUS Server is still reachable), can we still have the AP directly contact RADIUS server as a direct client and provide 802.1X Microsoft PEAP authentication. Guess this is Primary Backup Radius Server configuration. Is this understanding correct ?
    Yes, when this option is configured & the WLC is not reachable (but RADIUS is reachable), then the AP will act as Authenticator & pass RADIUS messages to the Auth Server directly.
    This is a very good Ciscolive presentation you should see, as it describes lots of these features & which WLC codes they were introduced in.
    BRKEWN-2016 - Architecting Network for Branch Offices with Cisco Unified Wireless
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • WLC Failover configuration

    Hello,
    I want to deploy two WLC 5508s running Software Version 7.0.116.0 in failover mode.
    I read the documentation and I read that the two wlc must have the same configuration.
    I want to be sure that I've well understood.
    For all the interfaces, each appliance must have a different IP. I mean if WLC1 have the interface "ap-manager" "management" and "dynamic interfaces" in .1, I suppose that WLC2 should have the same interfaces with .2 IP.
    Am I right?
    Thanks in advance

    The 5508 does not have an ap-manager unless you specifically create one.  I would not create one and use the default management interface.
    Yes the WLCs should have the exact same config, except for the interfaces' IP addresses and of course the hostname.
    Hostname: WLC1
    Management IP: 10.200.100.5
    Virtual: 1.1.1.1
    Dynamic Interface 1: 10.200.105.5
    Dynamic Interface 2: 10.200.110.5
    Hostname: WLC2
    Management IP: 10.200.100.6
    Virtual: 1.1.1.1
    Dynamic Interface 1: 10.200.105.6
    Dynamic Interface 2: 10.200.110.6

  • Two Wireless controllers load balance and failover question

    I have two 4404 controllers and each can take 100 APs. I have 140 APs in total. With the default settings (no master controller, no configuration of Prime, secondary controller on APs), each controller will take 70 APs, right?
    Then I will need to configure each AP with an IP address, name ...etc. My question is, when one Controller failed, these 70 APs will try to associate with another controller, right? However only 30 APs can because another controller can maximum manage 100 APs. Then in this case, will these 30 APs lose their static IP addresses and names? When the failed controller came back online, will the 70 APs automatically go back to this controller and have their IP, name configuration back?
    Thanks!

    With the default setting you have no control over how many APs go to which WLC. It doesn't matter, because you will need to specify the primary and secondary. You might as well stage all the APs you want on one WLC first and set that WLC to master, then when you have finished that, set the other WLC to master and have the APs join that WLC, which will be the primary for those APs.
    You can only support 100 APs, so depending on what code you use, the 30 APs that are not able to join will just keep trying. If you run 5.2 (I think it is buggy) you can set the priority on the APs so that APs that you set up with a higher priority will be able to join and the others will again sit there until the other WLC comes back up. Static IP addresses will not disappear because the WLC doesn't accept any more connections. Once both WLCs are up, the APs will go back to their primary WLC as long as AP fallback is enabled and mobility is configured right.

  • WLC - Failover (clients)

    AP is registered to primary WLC. Will clients stay connected to the WLAN when the AP fails over to the secondary WLC?
    WLAN1 -> WPA2 (TKIP) + PSK.
    WLAN2 -> WPA2 (TKIP) + 802.1x
    Please advise.

    Unfortunately, clients are disconnected from an AP when associating to a new controller.

  • WLC license question

    We have two 7510 WLC's and a bunch of AP's.  I want to make sure I understand the license impact of what we are trying to do.  Our AP's will not be up at all times and it's impossible to know when these AP's will be connected and booted up.  They may be on for 2 days and then off for a month before booting up again.  The question I have is once an AP registers to a WLC, is that license 'locked' and used regardless of whether the AP is up or not?

    I agree with Steve and Vikas.
    The WLC calculates the license for currently connected APs. The AP that joins the WLC consumes the 1 space in the WLC license once it is connected. Once it is disassociated you can simply bring another different AP and connect it.
    Same way, if you have a license for 100 APs, it is possible that you connect 100 APs then remove them and bring different 100 APs and they should join without a problem.
    Regards,
    Amjad
    Rating useful replies is more useful than saying "Thank you"

  • WLC failover

    Hey
    I have two WLC 4000 configured as failover.
    does the configuration synchronize between the two WLCs?

    No it doesn't sync configuration.... you need to configure each wlc and make sure that both are in the same mobility group in order for the ap's to know of both wlc's.
    You would need to configure the access points with a primary, secondary or tertiary wlc, in order for that ap to know which wlc it should be joined with.

  • WLC Redundancy Question

    Hi Community,
    I have one question regarding the redundancy feature for two WLC 2106. We have installed on a customer site 2 WLC 2106s and 6 APs. Primary and Backup WLC work fine. Now the customer asks whether there is an option to copy the guest access WLAN user from the primary controller to the backup controller. The lobby user activates a new user on the primary controller and if the primary controller fails, then the user did not get access to the WLAN guest network.
    Any ideas?
    Thanks for help.
    Rene

    Hi Jerry,
    Mobility - it's used for clients so that they can roam without any issue, and one tunnel will be established between wlc-1 and wlc-2. If wlc-1 goes down the client will be local to wlc-2, and if the guest user is not present on wlc-2 then it will not be able to access the network.
    HA for AP - primary, secondary are used to achieve this.
    HA for WLC (WLC redundancy) - suppose you have two WLCs; if one goes down then the second will start serving without any issue. For that, the master WLC will push all the config to the second WLC and some other mechanism to achieve this. This functionality is not yet supported.
    Thanks

  • WLC failover solution

    Hi,
    My client has two Cisco WLC 5508s. One is at location A & another at location B. They want to configure failover between these two WLCs, i.e. in case of location A WLC failure, the APs should get registered to the location B WLC, which is currently happening, but the clients will get the IP Address from location DHCP pool. Their requirement is that in the event of failover, clients should get the IP Address from the local DHCP server pool & not from the location B DHCP pool & vice versa.
    As far as design perspective, in location A they have 5 WLANs; one for each floor. We have configured 5 AP groups for the same. Whereas in location B they have a single WLAN serving all the clients.
    My query is -  if we configure Flexconnect for all the AP’s in location A as well as for location B even when they are connected to local WLC, is that a recommended design suggestion from Cisco?
    Secondly, if in case of configuring Flexconnect, do I need to create the 5 WLAN’s & 5 AP groups for Bangalore AP’s in location B controller?

    I use Flexconnect, and for that to work you'll have to have the same AP Groups and WLANs configured on both controllers so when the AP fails over the correct WLANs show up.  Otherwise I believe the AP will get the default AP Group.

  • RHI failover question

    Hi,
    I have a pair of 6509's with Sup-720's and ACE modules. IOS is SXI3, ACE software is 3.0.
    When I do a manual ACE failover from one chassis to another I see this behaviour (from debug ip routing)
    switch1:
    Jan 14 09:13:32.210 CET: RT(test-context): del 10.0.2.1/32 via 10.0.0.1, static metric [77/0]
    switch2:
    Jan 14 09:13:34.211 CET: RT(test-context): add 10.0.2.1/32 via 10.0.0.1, static metric [77/0]
    My question is this - why two seconds to install the static route on the second switch? The VIP is there pretty much instantly but the static route is lagging behind by two seconds.
    Is there any way to speed up the process or is it hardwired? (I've tried other versions of IOS and other versions of ACE code - no difference)
    thanks,
    Andrew.

    sqlnet client failover is defined in either tnsnames.ora or a thin JDBC connection string on the client.

  • Load balancing with failover questions

    If we install 2 multi-role Exchange servers in our building and a 3rd multi-role server in our remote data center, what is the best way to load balance them? Do we need two load balancers or is there some way to span a single load balancer across the WAN?
    What about using Windows NLB as an alternative to using round robin internally?
    Can a load balancer keep our interoffice Exchange CAS traffic from leaving our LAN and only failover to using the 3rd CAS/mailbox server for internal users if both internal Exchange servers are offline?
    We would also like remote users to "prefer" to use the data center CAS unless it is down. Right now we point our smart host directly to a CAS, but if we had a load balancer there, we could point the smart host to the IP of the load balancer and the load balancer could normally send it to data center CAS if it's up and forward it to one of the servers in the office otherwise.
    Is it possible to do all this without a very complicated and expensive solution?

    Depends... what is the connectivity speed between the two sites, is it good enough?
    You can use a load balancer in front of all the 3 CAS if your inter-site connectivity is very good.
    What about using Windows NLB as an alternative to using round robin internally? WNLB and round robin are different. You can use DNS Round Robin if you want to, or WNLB for all three CAS servers, or a hardware load balancer for all three CAS servers.
    Can a load balancer keep our interoffice Exchange CAS traffic from leaving our LAN and only failover to using the 3rd CAS/mailbox server for internal users if both internal Exchange servers are offline? If you want to use the load balancer then you don't need to fail them over one by one -- again you can use DNS Round Robin so the request will go to each CAS server one by one, or use a hardware load balancer.
    We would also like remote users to "prefer" to use the data center CAS unless it is down. Right now we point our smart host directly to a CAS, but if we had a load balancer there, we could point the smart host to the IP of the load balancer and the load balancer could normally send it to data center CAS if it's up and forward it to one of the servers in the office otherwise.
    Use DNS Server and point the A record to the Primary Data center load balanced CAS server instead of using IP or host file.
    Hope that helps
    Where Technology Meets Talent

  • 5508 WLC failover detection

    Hi all, we run several 5508s in HA mode. Is there a possibility to detect an HA failover through syslog or SNMP? I was not able to find any information on the web about syslog messages or SNMP OIDs regarding Cisco's HA failover. The problem we face is simple: from time to time our controllers fail over from primary to backup and vice versa. As this is unusual, we would like to know when this happens and are therefore looking for syslog (push) or SNMP (pull) information. We run 7.6.120.0 on all boxes and the HA link is connected through a switched (Layer 2) backbone connection. We are not looking for any ICMP-related stuff; in other words, we don't want to ping the redundancy mgmt IP or peer redundancy mgmt IP... Any help or hints are highly appreciated, thanks Nico

    cLHaPrimaryUnit OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
    "Indicates whether this is the primary redundant unit or
    not. If this unit is the primary unit, this object is true. If
    this unit is the secondary unit, this object is false."
    ::= { ciscoLwappHaGlobalConfig 12 }
