WLC failover solution

Hi,
My client is having two Cisco WLC 5508. One is at location A & another at location B They want to configure failover between these two WLC’s i.e. in case of location A WLC failure, the AP’s should get register to location B WLC which is currently happening but the clients will get the IP Address from location DHCP pool. Their requirement is that if in the event of failover, then clients should get the IP Address from the local DHCP server pool & not from the location B DHCP pool & visa-versa.
As far as design prospective, in location A they are having 5 WLAN’s; one for each floor. We have configured 5 AP groups for the same. Where as in location B they are having single WLAN serving all the clients.
My query is -  if we configure Flexconnect for all the AP’s in location A as well as for location B even when they are connected to local WLC, is that a recommended design suggestion from Cisco?
Secondly, if in case of configuring Flexconnect, do I need to create the 5 WLAN’s & 5 AP groups for Bangalore AP’s in location B controller?

I use Flexconnect, and for that to work you'll have to have the same AP Groups and WLANS configured on both controllers so when the AP fails over the correct WLANS show up.  Otherwise i believe the AP will get the default AP Group.

Similar Messages

  • IChat Load Balancing or failover solution?

    Hello, I am working a plan to develop a iChat server. I think a Mac Mini would be a good start for a group of 50 users. The users are all over the country and my role is to unite them all in a iChat domain. I thought about building two Mac Mini servers and have them run a same domain where all users are registered in. So, we would not be impacted when one of them goes down.
    Anyway, the question is how can I have a load balancing or failover solution for the iChat domain?

    On the issue of load balancing, whilst I don't have any experience with macMini's, you will not need to worry about load balancing with 50 users. I'm sure you can probably put a few naughts on the end of that before you need to worry.
    The design you are proposing will not work for iChat services / and for that matter most of Apple server services. For high availability services (e.g. transparent failover) I think you are going to struggle to get this working and it 'seems' Apple no longer offers guidance on this subject on 10.6.x.
    You will increase availability by using an Xserve with dual PSUs and raid disks. If you are only running high availability ichat services, I would buy a pair of second hand xserves with 10.5 OS and set the ipfailover services running. Personally I would buy one and a service kit and not bother with HA - as you will find the servers are very reliable.
    If you have to use mini's then just have one live and keep a near constant clone of it on another ready to manually swap out if you have a hardware failure.
    Your proposed design will not work without a lot of effort non of which is supported by Apple - although it would be rewarding if you did get it working. You cannot have server to server traffic for the same domain as all your application data needs to be stored centrally. OD only provides services for authentication. The ichat server also has its own data store and this is not distributed nor can it be. It is possible to move the data store over to say an enterprise version of mysql and have that distributed.

  • Manual failover solution for a custom proxy service that should be deployed

    I am looking for a manual failover solution for a custom proxy service that should be deployed on a cluster as a pinned service (requests have to be executed one after the other). The constraints I am encountering are:
    a) Proxy service are deployed to all cluster's members by default.
    b) Configuration of proxy services to cope with migration of JMS ressources.
    Any idea?
    Thanks in advance for your support
    Fred

    hi leroy,
    this is the OracleAS Portal Content Management forum. Please post your question in the Database forum
    General Database Discussions
    thanks,
    christian

  • ASA UC proxy Failover Solution

    Hi,
    I have two ISP's at my disposal, one of the ASA is utilized as UC proxy and people from internet directly access call manager through the same..
    The UC proxy in ASA is configured with one of ISP's IP address block.
    In case ISP connected to ASA is down, the Unified communication services through internet fails..
    Request you to help me i providing solution for UC Proxy failover solution..
    Regards

    My configuration is given below ........please see it
    tls-proxy ASA-tls-proxy
    server trust-point _internal_PP_ctl_phoneproxy_file             
    ctl-file ctl_phoneproxy_file
                    record-entry capf trustpoint capf_trustpoint address 220.227.14.x
                    record-entry cucm-tftp trustpoint phoneproxy_trustpoint address 220.227.14.X
                     no shutdown             
                    media-termination my
                     address 10.60.1.92 interface lan
                    address 220.227.14.x interface wan
                   phone-proxy ASA-phone-proxy
                    media-termination my
                    tftp-server address 10.60.1.151 interface lan
                     tls-proxy ASA-tls-proxy
                   ctl-file ctl_phoneproxy_file
                     no disable service-settings
    if for soft phone there is some changes required then please share it . And also share the port ,,which should be opened for softphone communication

  • Active/passive failover solution using Oracle 10gR2

    Hi,
    We have 2 windows 2003 servers clustered together using Microsoft Clustering Services.
    ORACLE_HOME on D: drive on both servers
    Data drive (P:) will be failing across to each server.
    I want to implement an active/passive failover solution using Oracle 10gR2.
    One option is to use Oracle Failsafe,
    But Are there any best practice for Failsafe which we is more reliable?
    Thanks

    More inof here:
    http://www.oracle.com/technology/tech/windows/failsafe/index.html

  • BGP + HSRP Active Passive failover solution

    Hi all,
    I would like to know how to configure an Active Passive failover solution using BGP + HSRP(with ip sla to track line up/down) in 2x Cisco CPE. 
    For example the IP assignment as below:
    Primary Router:-
    WAN IP: 10.10.10.2/30; GW: 10.10.10.1/30
    LAN IP(Primary): 172.16.1.1/24
    LAN IP(Secondary): 12.12.12.1/24
    HSRP Virtual IP: 172.16.1.3
    Backup Router:-
    WAN IP: 10.10.10.6/30; GW: 10.10.10.5/30
    LAN IP(Primary): 172.16.1.2/24
    LAN IP(Secondary): 12.12.12.2/24
    HSRP Virtual IP: 172.16.1.3
    BGP info:
    AS No: 12345
    Remote-AS: 67890
    Password: abcde
    There will be an unmanaged switch connect to these 2 routers LAN interface and my PC will connect to this switch to perform failover test.
    Appreciate if anyone can share his/her knowledge and guide me on this.
    Let me know if the details above is insufficient.
    Thanks.
    CS

    Hi,
    As per my understaing few things are missing here:
    First you mentioned only 1 virtual IP here from primary LAN Subnet, what about secondary LAN Subnet?
    Secondly, you need to advertise something ( atlest 1 subnet) to BGP, that will show in remote side routing table.
    1 IP SLA and 1 tracking object should be configure also.
    Thanks,
    SAP

  • AMS on AWS - Failover Solution

    Hi everyone, I would like to know what kind of failover solution Adobe provides por its AMS instances on Amazon Web Services, ie., round-robin for maximum connections limit on RTMFP (currently 100 on large-type instances), or even in more complicated scenarios, like server disruption.
    Any kind of help would be kindly appreciated.

    You can purchase an Adobe Media Server license and run the product on a CentOS AMI.  This is similar to running the server on a CentOS Server on your premises.
    AWS does not charges when instances are shut down.
    Could you suggest why you would not use the AMS AMI available on AWS ? It comes with two default EBS Volumes. You can configure them to persist even after the instance is shut down. By default, the primary EBS volume which has AMI related data is terminated . But the secondary EBS volume that has video archives or other video streaming data is persisted.

  • N+1 5508 WLC failover test

    Good day all,
    I have a question about the N+1 5508 failover test:
    Should I shutdown one of the primary WLC to test failover?
    I just setup the N+1 bakcup WLC (5508). B
    Based on: http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide.pdf
    We have two production WLCs both 5508 and one 4405.
    We just purchased another HA-SKU WLC 5508.
    All our four WLCs had been setup into one mobility group in version 7.4.100.6.
    Their neighbors are all up.
    But our test AP could not register to the Backup N+1 WLC. ( We are using option 43 in our DHCP server for all the AP boot.)
    Here are the log screen:
    ================ From test Access Point============
    *Mar  1 00:00:53.099: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
    *Mar  1 00:00:53.842: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.255.1.3, mask 255.255.255.0, hostname wo11-test-ap1
    *Mar  1 00:00:54.188: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:55.188: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:55.279: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:00:56.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:03.820: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.254.240.5 obtained through DHCP
    *Mar  1 00:01:03.820: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Mar  1 00:01:13.823: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.5 peer_port: 5246
    *Aug  2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
    *Aug  2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.254.240.5:5246
    *Aug  2 02:31:55.001: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.23 peer_port: 5246
    *Aug  2 02:30:55.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.254.240.23 peer_port: 5246
    *Aug  2 02:30:55.493: %CAPWAP-5-SENDJOIN: sending Join Request to 10.254.240.23
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.254.240.23
    *Aug  2 02:30:55.874: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Aug  2 02:30:55.931: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Aug  2 02:30:55.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WG-WLC1
    *Aug  2 02:30:56.041: ac_first_hop_mac - IP:10.255.1.1 Hop IP:10.255.1.1 IDB:BVI1
    *Aug  2 02:30:56.041: Setting AC first hop MAC: ccef.481f.14bf
    -test-ap1#sh int bvI 1
    BVI1 is up, line protocol is up
      Hardware is BVI, address is e8b7.489e.4645 (bia e8b7.489e.4645)
      Internet address is 10.255.1.3/24
    ===================From backup N+1 WLC===
    *spamApTask4: Aug 02 11:41:09.842: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:41:01.889: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:40:57.912: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:40:55.924: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:18:50.553: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:42.600: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:38.623: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:36.636: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *mmListen: Aug 02 10:43:38.637: #LOG-3-Q_IND: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
    *spamApTask0: Aug 02 10:43:38.500: #LWAPP-3-DISC_MAX_DOWNLOAD: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
    ==================== From one of our Primary WLC=====================
    (WLC-5500) >show advanced backup-controller
    AP primary Backup Controller .................... ODC-WLC1 10.254.240.5
    AP secondary Backup Controller ..................  0.0.0.0
    (WLC-5500) >show redundancy summary
    Redundancy Mode = SSO DISABLED
         Local State = ACTIVE
          Peer State = N/A
                Unit = Primary
             Unit ID = 54:75:D0:DE:DE:40
    Redundancy State = N/A
        Mobility MAC = 54:75:D0:DE:DE:40
    Redundancy Management IP Address................. 0.0.0.0
    Peer Redundancy Management IP Address............ 0.0.0.0  
    Redundancy Port IP Address....................... 0.0.0.0
    Peer Redundancy Port IP Address.................. 169.254.0.0
    (WLC-5500) >show license capacity
    Licensed Feature    Max Count         Current Count     Remaining Count
    AP Count            250               203               47
    ==============From the Backup N+1 WLC in DR =====================
    (Cisco Controller) >show redundancy summary
    Redundancy Mode = SSO DISABLED
         Local State = ACTIVE
          Peer State = N/A
                Unit = Secondary - HA SKU
             Unit ID = 6C:41:6A:5F:4C:80
    Redundancy State = N/A
        Mobility MAC = 6C:41:6A:5F:4C:80
    Redundancy Management IP Address................. 10.254.240.3
    Peer Redundancy Management IP Address............ 0.0.0.0
    Redundancy Port IP Address....................... 169.254.240.3
    Peer Redundancy Port IP Address.................. 169.254.0.0
    (Cisco Controller) >show license capacity
    Licensed Feature    Max Count         Current Count     Remaining Count
    AP Count            500               0                 500

    Current AP High Availability Configuration:
    2nd Step, shutdown the LAN Switch ports on which the Primary WLC is connected so I force the AP going to HA SKU WLC.
    DC-WiFi-SVC1-LAB(config)#inter
    DC-WiFi-SVC1-LAB(config)#interface por
    DC-WiFi-SVC1-LAB(config)#interface port-
    DC-WiFi-SVC1-LAB(config)#interface port-channel 3
    DC-WiFi-SVC1-LAB(config-if)#shut
    DC-WiFi-SVC1-LAB(config-if)#
    Log in the AP after shutdown:
    Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 2)
    *Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 2)
    *Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 3)
    *Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 7)
    *Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 8)
    *Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Jan 15 15:52:45.307: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.23.111.23:5246
    *Jan 15 15:52:45.371: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
    *Jan 15 15:52:45.371: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
    *Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Jan 15 15:52:45.395: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:46.015: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:46.383: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:46.423: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:46.431: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 0 down
    *Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 1 down
    *Jan 15 15:52:47.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:47.423: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:47.451: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:47.459: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:47.467: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:48.451: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:48.459: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:48.487: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:49.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Selected MWAR 'DC-WiFi-WLC1-0'(index 1).
    *Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Jan 15 15:52:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.23.111.20 peer_port: 5246
    *Jan 15 15:52:44.467: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.23.111.20 peer_port: 5246
    *Jan 15 15:52:44.471: %CAPWAP-5-SENDJOIN: sending Join Request to 172.23.111.20
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 172.23.111.20
    *Jan 15 15:52:44.927: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:44.995: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:45.003: ac_first_hop_mac - IP:10.219.96.1 Hop IP:10.219.96.1 IDB:BVI1
    *Jan 15 15:52:45.007: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
    *Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    *Jan 15 15:52:45.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:45.971: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:45.979: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jan 15 15:52:46.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:46.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:46.999: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5520 MHz for 60 seconds.
    *Jan 15 15:52:47.003: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:47.015: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:47.023: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:48.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:48.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:48.047: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:49.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    APe4d3.f11e.a8e1#         
    3rd Step, verifying the LOG on the AP and check if it can connect to the HA SKU WLC
    *Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
    *Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    CONCLUSION:
    I needed to activate the EVALUATION LICENSE in the HA SKU WLC which had status = EULA NOT ACCEPTED. I will test the SSID's in order to confirm that redundancy using HA SKU WLC works fine.

  • WLC Failover configuration

    Hello,
    I want to deploy two wlc 5508 running Software Version                 7.0.116.0 in failover mode.
    I read the documentation and I read that the two wlc must have the same configuration.
    I want to be sure that I've well understood.
    For all the interfaces, each appliance must have a different IP. I mean if WLC1 have the interface "ap-manager" "management" and "dynamic interfaces" in .1, I suppose that WLC2 should have the same interfaces with .2 IP.
    Am I right?
    By advance thanks

    The 5508 does not have an ap-manager unless you specifiacally create one.  I would not create one and use the default management interface. 
    Yes the WLC's should have the exact same config, except for the interfaces ip address and of course the hostename.
    Hostname: WLC1
    Management IP: 10.200.100.5
    Virtual: 1.1.1.1
    Dynamic Interface 1: 10.200.105.5
    Dynamic Interface 2: 10.200.110.5
    Hostname: WLC2
    Management IP: 10.200.100.6
    Virtual: 1.1.1.1
    Dynamic Interface 1: 10.200.105.6
    Dynamic Interface 2: 10.200.110.6

  • WLC Failover again..

    Hello,
    I?m still involved in the deployment of 55 APs with 3 4402 WLCs in different cities, and I?m still having troubles with failover configuration. I configured APs with static IP, and then configured primary, secondary and tertiary WLC address providing full-qualified names. These names are stored in the master and secondary DNS server, and are resolved flawlessy. Ports in firewalls are opened, so I made several tests, all of them without success.
    Then, I got one of the AP and entered in debug mode (with serial cable) and found the issue: DNS queries were sent to broadcast IP (255.255.255.255), not unicast to master DNS.
    So that?s my question: Is there any way to set DNS resolution in LWAPP APs working with static IP? If I set them to DHCP, with properly DNS address, I can resolve primary, secondary and tertiary WLC to each AP, but in my deployment I?d prefer to use static addressing.
    Thank you in advance,
    Ignacio Siles

    You said you configured the static IP for the APs, but did you configure the dns server for the APs? I have never used static ip, not sure where you can configure dns server for it.
    Also AP use the configured primary, secondary and tertiary controllers information to select which controller to join after received the controllers responses to AP lwapp discovery, not use them to discover controllers. Before AP learns the candidate controllers from dhcp or dns resolution, those primary, secondary and tertiary controller settings are no use to AP.
    Now it looks like the AP does not know where is the dns server. Not sure if you configured that correctly.
    The last thing, you should set the controllers system name in the primary, secondary and tertiery controllers fields, not the FQDN. If your controllers' FQDN is the same as their system names. It is ok.

  • Wifi clients get disconnected in WLC - LAP solution

    Hello all,
    I would like to know what are all possible reasons for wireless clients to get disconnected from LAP (to WLC) solution. We have WAN (MPLS) between LAP and WLC and on the remote site (where we only have LAP, since WLC is in central site) we have clients disconnecting
    This is the error that we see in the traplog:
    Decrypt errors occurred for client XX:XX:XX:XX:XX:XX:XX using WPA key on 802.11b/g interface of AP XX:XX:XX:XX:XX:XX:XX
    Can anyone tell me what can be wrong? Can packet loss cause this? Packet loss of which packets? Data packets or some other packets? Or can network delay produce this? I know we have fragmentation and maybe it can be that fragments are failing somewhere. But I would like to know what should happen in order for this message to be displayed and client to be disconnected
    Thanks
    Milos

    Hello,
    I find out the answer couple of days ago. I totally forgot about this post :)).
    Finally, problem was in fragmented packets that were lost in defragmentation in the devices in the middle (between Cisco WLC and LAPs)
    I found out very annoying fact that Cisco WLC is not supporting ICMP redirect messages. In my scenario, some switch was returning ICMP redirect to every client on network where WLC resides. But since WLC doesn't support ICMP redirects, it keep sending fragments to this switch and eventually we had a lot of duplicated fragments going through our firewalls.
    Those duplicated fragments were eventually start dropping and after this, we started having a lot of errors such this one, and also errors in log showing reply attacks and clients unable to authenticate.
    As soon as the network was redesign to aviod ICMP redirects to ever happen (moved other firewalls on separate LANs so only switch was the only gateway for WLC), this problem stopped
    Thanks
    Milos

  • WLC - Failover (clients)

    AP is registered to primary WLC. Will clients stay connected to WLAN when the AP failover to secondary WLC.
    WLAN1 -> WPA2 (TKIP) + PSK.
    WLAN2 -> WAP2(TKIP) + 802.1x
    Please advise.

    Unfortunately, clients are disconnected from an AP when associating to a new controller.

  • WLC failover

    hay
    I have two WLC 4000 configured as failover.
    does the configuration synchronize between the two WLCs?

    No it doesn't sync configuration.... you need to configure each wlc and make sure that both are in the same mobility group in order for the ap's to know of both wlc's.
    You would need to configure the access points with a primary, secondary or tertiary wlc, in order for that ap to know which wlc it should be joined with.

  • WLC Failover Question

    Hi All
    Can anyone give me a definitive answer to this question please?
    If you are using a pair of wireless LAN controllers configured with primary and secondary controllers for the access points and the primary controller fails - do the access points reboot before associating to the secondary controller. I can't see why they would need to but documentation suggests they do.
    Additionally, has anyone significantly reduced the failover time? If so, what is the lowest practical failover time. I know the actual failover time can be reduced to 3 seconds but I think that is likely to cause other problems.
    Thanks guys.
    Regards
    Roger

    As far I know, In this case the AP does not reboot, only changes its lwapp status to discovery and begins with the discovery proccess.
    You can see in the AP if it is restarted; when it places registered in the second WLC, Wireless tab and select the AP affected; normaly in the first tab you can see bottom right the AP up time and the AP association time; if this AP has rebooted this value will close to 00:00.
    Normaly I set the Ap heartbeat timeout to 5 seconds, I don´t know if is the best value and my failover time is bigger than your, I don´t know how critical are your network, but a prefer a higher heartbeat timeout to avoid unnecessary AP changes that spend more time.
    Best Regards.

  • Understanding Flexconnect - Local vs Central Switching, and WLC failover scenario ??

    Hello Experts
    We have one WLC 5508 in Building1, few 2700 Series AP in Building1, and one 1252AG in Building2. The LAN subnet is same for both Buildings connected via a dark fiber.
    My requirement is to have Central Switching in Building1 since WLC is located locally, and Local Switching in Building2 to avoid inter-building traffic, for both Buildings we already one VLAN/IP Subnet. (Both Buildings access resources from a central Datacenter which hosts all the servers.)
    Questions:
    1. Is the above scenario possible using single SSID ? My understanding is that one WLAN+SSID can't have both Local and Central switching enabled.
    2. In Flexconnect Central Switching mode, during WLC failure, does the switching change to Local switching automatically ?
    3. When I choose Local Switching for a specific WLAN, does it Locally switch always , or does it Locally switch only when WLC is down ?
    4. We want to use Microsoft PEAP using AD User Authentication. When Local Authentication is enabled on WLC, I understand that when WLC fails (and RADIUS Server is still reachable), can we still have the AP directly contact RADIUS server as a direct client and provide 802.1X Microsoft PEAP authentication. Guess this is Primary Backup Radius Server configuration. Is this understanding correct ?
    Thanks.

    Hi
    The LAN subnet is same for both Buildings connected via a dark fiber.
    If this is the case there is no need of FlexConnet, as you have enough bandwidth & same L2 extended in those two buildings. Typically FlexConnect is for branch deployment where WAN link bandwidth is a concern.
    Anyway if you want to do this & here is the answer for your specific queries.
    1. Is the above scenario possible using single SSID ? My understanding is that one WLAN+SSID can't have both Local and Central switching enabled.
    You can have both local switching & central switching available for a given SSID. Only FlexConnect mode AP will do Local switching & all Local mode AP will do central switching, though both using the same SSID.
    2. In Flexconnect Central Switching mode, during WLC failure, does the switching change to Local switching automatically ?
    No, if it is central switching SSID, when WLC is not available client won't able to join this SSID. It is not fall back to Local switching.
    3. When I choose Local Switching for a specific WLAN, does it Locally switch always , or does it Locally switch only when WLC is down ?
    This is applicable only to FlexConnect mode APs & it always do local switching if that configured. If WLC is not reachable AP will go on "standalone mode" & still do local switching.
    4. We want to use Microsoft PEAP using AD User Authentication. When Local Authentication is enabled on WLC, I understand that when WLC fails (and RADIUS Server is still reachable), can we still have the AP directly contact RADIUS server as a direct client and provide 802.1X Microsoft PEAP authentication. Guess this is Primary Backup Radius Server configuration. Is this understanding correct ?
    Yes, when this option configured & WLC is not reachable (but RADIUS is reachable) then AP will act as Authenticator & pass radius messages to Auth Server directly.
    This is a very good Ciscolive presentation you should see as it describe lots of these features & which WLC codes they introduced.
    BRKEWN-2016 - Architecting Network for Branch Offices with Cisco Unified Wireless
    HTH
    Rasika
    **** Pls rate all useful responses ****

Maybe you are looking for

  • How do i arrange deleted files (in trash) in order of deletion time/date?

    I accidentaly deleted several files (not sure of their files names, at least not all of them) so went to the trash to recover them and i didn't find a way to arrange or sort them by date of deletion. Given that they were just deleted it would have be

  • Error in BW upgrade - SEM Add-on

    Hi, I'm upgrading BW from 3.1 to 3.5 on WIN/MSSQL platform. I got stuck on following error: R3up> ERROR: No add-on catalogue "R3ADDON.PAR" found on "c:\TEMP\put\sem3". It's about BW-SEM component 3.5, I put install CD called: SAP:BW:310:ISUPGR:Add_On

  • How Do You Create a POP 3 Email Account On Yosemite 10.10.1?

    Hello There.. The title says it all.  " How Do You Create a POP 3 Email Account On Yosemite 10.10.1?" When I go to set up a new E-mail account, I don't seem to have an option to create a POP 3 account, it just defers to an IMAP account.. Is there any

  • Duplicate Pics in Photos App (iCloud)

    Yesterday I upgraded my icloud account to 200GB, and moved all my photo's from iPhoto to the newly released Photos App. It seems a lot of my photo's were duplicated. What are my options to delete any duplicate photos in my "new" library?

  • Unable To See Guest Network

    Hi everyone: I've just purchased and installed an Airport Extreme on our office network. I'm able to see and connect to the wireless connection I've set up. However, I can't see the guest network. I've gone through the settings a number of times, but