WLC geographical redundancy

Hello,
There are two "central" locations each one having one satellite or spoke site. Let's have:
- zone A and its spoke_zone A1
- zone E and its spoke_zone E1.
Both region A and region E have similar deployment scenarios:
- 1 x 5508 WLC
- several LWAPs in the existing network (local network).
- FlexConnect for other several LWAPs for the spoke zones A for the A1 and E for the E1.
I'm thinking how can I achieve a backup solution for all these 4 sites:
- A1 and E1 can achieve it through FlexConnect and one mode only: local switching & local authentication.
- what about A and E regions? How can I bring some backup WLC solution here? I know of Mobility Groups, still I don't think it helps too much as I have only L3 connectivity between A and E region through MPLS.
What if I try and get L2 connectivity in between using some solutions like "poor-man's EoMPLS" like L2TP v3, I will be able to connect one VLAN pair, will this be enough ?
- what else can I do in case of WLC breakdown in either of the two regions (A or E)?
Thanks in advance!

During these days, here is some advice I received:
Traditionally, utilizing Backup Controllers was the main way to provide redundancy for a WLC failure. For Zone A, you could just select the Wireless LAN Controller at Zone E, and assign that as the Secondary Controller for each AP as desired. You can set the Primary and Secondary controllers for the AP on the controller via the GUI, the CLI. With Backup Controllers, in the case of a WLC failure APs would begin to search for their Secondary Controller and re-establish their CAPWAP tunnel. The obvious downside to this is the outage that occurs from the client perspective while the AP drops its tunnel and begins to build it again to the Secondary Controller.
In response to the need for a somewhat better failover scenario, Cisco brought out High Availability in WLC firmware 7.3. In this scenario, you purchase a second WLC and license it specifically to serve as a standby. You place it adjacent to your existing WLC, and it shares an IP address and session/Config/AP information with the main controller. Now in the event of a WLC failure, the failover from the AP perspective is intended to be transparent.
Now, 'cause of budgeting I can't think of HA solution so I would go for the Backup Controllers, especially now when there are two primary zones only.
Except that I myself thought of another solution:
- what if both zone A and E have all LWAPs configured using FlexConnect mode with local switching and authentication? I mean all LWAPs both the APs next to the WLC and also the LWAPs on A1 or E1 zones.
This will result in having only FlexConnect mode APs and of course some features less available; still, from the redundancy point of view, what do you think of this?
You think would be better or worse than "Backup Controllers" solution?
P.S. the L3 connection between A and E is provided with 150ms or less.

Similar Messages

  • WLC 2106 redundancy uplinks / LAG

    Hi to all,
    We've a WLC2106 connected to a Distribution switch composed by a stack and 6x APs dislocated on the Access switches.
    All the APs are in H-REAP mode so the WLANs are mapped to the WLC's management interface instead of a dynamic one.
    How can I add redundancy on the connection from the WLC to the Distribution switch since the WLC2106 doesn't support LAG/Channel (implemented on all the WLC4400/5500 installed until yet) nor AP-Manager secondary interfaces???
    Many thanks
    Saluti
    Omar

    Hi Leolaohoo,
    Thanks, but I want to be able to have redundancy on network connections from the WLC to the Distribution switches and not WLC redundancy...
    Based on your answer I suppose that no network connection redundancy options are available on the 2100 models (channel, AP manager secondary interface,...)...
    Omar

  • WLC HA Redundancy port

    Can I set up a 5508 pair of controllers as an HA pair if they're geographically located in different data centers?  From the reading I'm doing, it looks like the redundant port needs to be physically plugged in between the two or am I misreading?
    Thanks,
    Pete

    Hi Peter,
    Yes you can have 2 WLCs on different location as long as you can connect them physically by a cable to redundant port.
    Normally its called 1:1 design where one WLC will be in an Active state and the second WLC will be in a Hot Standby state continuously monitoring the health of the Active WLC via a Redundant Port. 
    Port which should be connected back to back in order to synchronize the configuration from the Active to the Standby WLC.
    Regards
    Don't forget to rate helpful posts

  • WLC 2504 redundancy set up

    WLC: 2504
    Firmware: 7.6.100
    Hello,
    I'm getting very confused in how to set up redundancy with WLC 2504. Some sources talk about Client SSO, some about N+1.
    But it seems that although I should use Client SSO with firmware 7.6, the WLC 2504 doesn't support it.
    When I type config redundancy, I have no choice
    >config redundancy ?
    unit           Configure redundancy unit [primary | secondary]
    So I typed "config redundancy unit primary" on my 2504 and "config redundancy unit secondary" on my 2504-HA
    And when I issue this command I have very little information
    >show redundancy summary
    Type of the Unit = Primary
    Does someone have guidelines for redundancy with WLC 2504 on firmware 7.6?
    Thank you

    Hello,
    Thank you both for your answers.
    Something I didn't understand in the documentation is this.
    Is there a replication of configuration between the WLC primary and the HA ? I did read that they should have different network settings (IP addresses) so I understand that there is not a total replication, what about the rest of the configuration ?
    The only result I have when I issue a command on the WLC-HA is this
    >show redundancy summary
    Type of the Unit = Secondary
    It doesn't look exactly what I see in the documentation.
    Thank you

  • WLC 4402 redundant Link

    We have a WLC, currently it has a single trunk link into a 6506 and all works fine.
    We have recently upgraded network to VSS system, so now we have two 6506. I want to connect the redundant port of 4402 onto the other new switch, is there anything special I need to do?
    as it is a virtual switch it is connecting to, does anyone know if WLC is capable of doing etherchannel or something similar?
    Many thanks

    The question is not on WLC. WLC will bundle its 2 ports the same way whatever happens.
    The question is on the switch. You cannot create an etherchannel that spans several switches, so that won't work. But for the VSS, I think you can create a portchannel that will englobe ports on the 2 switches, so if yes then it's ok with WLC.
    Regards,
    Nicolas

  • Cisco WLC 5508 Redundancy Feature

    All,
    With version 7.3 there is a feature for redundancy. How does this feature work? Does anyone know? Can it be use where it is not directly connected, but can be connected as a layer 2?

    There has always been redundancy. v7.3 introduced HA AP SSO... did not really start off pretty well. Even with v7.4, there are still some open issues.
    Here is how redundancy has always been implemented.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml
    Here is the new feature HA
    http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml
    Sent from Cisco Technical Support iPhone App

  • WLC 5508 redundancy

    Hi All,
    With the 4400 series if the primary controller failed it could take around 30 seconds iirc for the APs to re-associate with the secondary WLC.
    Has this situation improved with the 5508 controller .... can the AP failover in less time?
    Cheers,
    Eoin.

    I don't actually have a specific problem I was just wondering how quick the failover is with the new 5508 controllers versus the 4400 controllers. Can't seem to find documentation around how long it should take for example if I have 250 AP's and 2 5508 controllers.

  • CSM with Veritas HA geographic redundancy fails over without visible reason

    Hello.
    Cisco Security Manager shuts down and Veritas fails it over to another site, I have no idea why. It is clean installation without elements.
    In Veritas engine log I found this:
    2013/02/06 12:52:22 VCS INFO V-16-2-13001 (KV-CSM-01-1) Resource(APP_CSManager): Output of the completed operation (monitor) 60012-202: The following process is not running     Process= NameServer     State  = Administrator has shut down this server     Pid    = 0     RC     = 143     Signo  = 0     Start  = 2/6/2013 12:35:58 PM     Stop   = 2/6/2013 12:52:05 PM     Core   = Not applicable     Info   = Server started by admin request
    Veritas CSM resource log:
    2013/02/06 12:52:22 VCS ERROR V-16-2-13067 Thread(3916) Agent is calling clean for resource(APP_CSManager) because the resource became OFFLINE unexpectedly, on its own.
    CSM syslog:
    Feb 06 12:52:08 127.0.0.1 100: <30>   dmgt[9004]: 3021(I):Died method called for process (NameServer, pid=9700).
    Feb 06 12:52:08 127.0.0.1 100: <30>   dmgt[9004]: 3021(I):Died method called for process (EDS, pid=8444).
    Eds.log is attached.
    NameServer.log is empty.
    As we can see from monitor.pl (csm agent script), EDS and NameServer are critical processes to run CSM.
    What should I do to prevent such behaviour?

  • Best way for LWAPs to learn changed WLC IP address?

    Hello!
    I'm implementing subnets at a customer's network, and one of these changes is to give a unique subnet to the WLAN users. 
    Since the APs store the WLC's IP address in NVRAM, I'm wondering what the best way is to get them to know its changed IP address.  (I see that I can give the APs themselves new static IPs to use from within the WLC, but I don't see a clear way to tell them a new IP to contact for their controller.  After a reboot, they still are trying to associate to the original IP address of the WLC.)
    I know we can go onto the console of each one and change it that way, but since these are mounted high up, that is not a particularly desirable solution...  ;^)
    Thanks for any suggestions on the best way to go about making this change! 
    Deb

    If you have two wlc in redundancy configuration, you could always change one wlc address and make changes to the mobility groups and then move AP's over to the new ip wlc. Then change the other one and modify the wlc address in the mobility group again.
    If you have one wlc and you don't want to use option 43 or DNS, you can always set the AP's high availability primary wlc info reflecting the new IP address. Even though you haven't changed the wlc management IP yet, the AP's are still joined and known of that ip. So when you change the wlc IP address, the APs will already know the new IP address. I have just done this about a month ago with around 300+ AP's with no issues. You can use WCS/NCS or Prime if you have it, I just script the commands and paste it into the wlc CLI to make all the changes.
    Just another option.
    Sent from Cisco Technical Support iPhone App

  • CAR REDUNDANCY (CISCO ACCESS REGISTRAR)

    I'm interested in using CAR for a radius deployment.  Geographic redundancy is needed so I was looking for the right way to accomplish this requirement.
    I know that CAR can be deployed in active/active or active/standby.  In this case I would need server A in DataCenter A and the server B in DataCenterB.  I understand that it is possible to have active/active configuration in this scenario with clients in DataCenter A directing traffic to the server A and clients in DataCenterB directing traffic to server B.  Now, what happens if I try to setup active/standby configuration with the active server in datacenter A and the standby in datacenter B, is that possible? Do they need to be in the same LAN segment?  This question raised because in active/active we need two CAR base licenses but in active/standby we would need just one base and one secondary which is a lot less expensive.
    Thanks for your support.

    Use this guide (refer Committed Access Rate (CAR) and Committed Access Rate (CAR) Limiting section ).
    http://www.cisco.com/en/US/tech/tk543/tk545/tsd_technology_support_protocol_home.html

  • Export import the conf from 1 to a 2nd WLC?

    Hello i have now 2 WLC, 1 will be backup of the other (1 in the US, the other in  europe, both are connected in the network), same version both of them, i need to have the exact same config on each of them.
    The one in europe is in prod since few years, the one in the US is the new one (not configured yet).
    What is the best way? --> export the conf of the one in prod, and reimport it on the backup one... then change IP@... ? is it the best way to do?
    Thanks for your help.
    B

    I prefer making a backup and editing the backup and uploading to the new WLC. Sometimes the upload will fail and you will have to edit more than the hostname and the IP's. You will get an error saying the backup failed because of an encryption. The fix is that you might have to delete the usernames and manually enter those in the configuration without being encrypted. This has been something I have had to do recently with the later code versions
    Also you need to make sure you have a trailing white space at the end of each command or else that command will not take.
    If this becomes painful and the code just doesn't upload without an error. Then configure it manually and then when you are done, compare the backup images on both WLC's to make sure you have everything.
    Just to note, I never design a backup that would cross any big body of water. Your best bet is to have two in Europe and two WLC's in the US. You can get an HA sku WLC for cheap and use AP SSO or N+1. These HA sku WLC provide redundancy and are cheaper because they don't require you to purchase licenses.
    Sent from Cisco Technical Support iPhone App

  • 7500 Controller and Redundancy Design

    Hi All,
    I have a customer that has about 1000 sites.
    Estimate is about 3-4 AP's per site (thus about 4000 AP's).
    Trying to figure out how many 7500's would be needed and how redundancy is provided.
    I've read that AP's can failover to a backup 7500 (not sure if a single 7500 can be backup for 2 other 7500's).
    Basically, I'm trying to figure out, to support 4000 AP's and full redundancy, if I should design it so that I need 4x7500's (with 2k AP licenses each).
    thanks!
    Paul       

    You can use one WLC as redundant for other two WLCs. No issue.
    You can order three 2K WLCs set two of them in operation and the third one as a backup.
    Look into the datasheet for info about part numbers and licenses:
    www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11635/data_sheet_c78-650053.html
    HTH
    Amjad
    Sent from Cisco Technical Support iPad App

  • Load-Balancing between Foreign and two Anchors

    Hi, we have two foreign controllers (one active, one standby) and two anchor controllers. All APs are connected to the active foreign controller. The layer 3 networks for the wlan clients on both anchors are different for the same SSID. SSID: Internet, anchor 1: Subnet A, anchor 2: Subnet B. So when a client is getting anchored to Anchor 1, the clients will get an ip from subnet A and when the client is getting anchored to anchor 2, the client will get an ip from subnet B.
    This is so far not a big problem because we only have a few access points in some rooms. But what will happen when we have a fully covered wlan and the client roams from one AP to the other AP? Is there a possibility that the client will be anchored to a different anchor while roaming? I think this will result in a lack of connectivity because without a real disconnect the client will not ask for a new IP address.
    Other question: Is it possible to disable this load-balancing between anchor controllers? Or can i make a client sticky to only one anchor as long as an access-session is established?
    All controllers are 5760 with 3.3.3 software.

    Hi acontes, 
    It's an interesting question. 
    In this case, if all AP's are on WLC-A and there is no possibility that an L3 inter-subnet roam will occur between WLC-A and WLC-B, I would just forward WLC-A to Anchor A and WLC-B (in the event of fail over) to Anchor B (if Anchors reside on different subnets). If you must specify Anchor A and Anchor B on each WLC for redundancy purposes, it's important to understand the guidelines and limitations with regard to Foreign / Anchor Design.  
    As Scott mentioned, the limitation with Anchoring design is that there is no primary / secondary configuration for an Anchor on the Foreign WLC.
    If WLC-A has two entries (1) for Anchor-A and (2) for Anchor-B, the EoIP tunnels are established and load-balancing occurs in a round robin fashion.
    Keep in mind the following with regard to guest N+1 redundancy:
    •A given foreign controller load balances wireless client connections across the list of anchor controllers configured for the guest WLAN. There is currently no method to designate one anchor as primary with one or more secondary anchors.
    •Wireless clients that are associated with an anchor WLC that becomes unreachable are re-associated with another anchor defined for the WLAN. When this happens, assuming web authentication is being used, the client is redirected to the web portal authentication page and required to re-submit their credentials.
    Since traffic is transported at Layer 2 via EoIP, the first point at which DHCP services can be implemented is either locally on the anchor controller or the controller can relay client DHCP requests to an external server. Since the IP address directly correlates to the DMZ subnet or the interface where the traffic egresses, it is possible for some clients to get IP's from both Subnet A or Subnet B in the event that WLC-A is building EoIP to both anchors.
    1) What happens if my clients roam?
    Nothing... since all AP's are on WLC-A, it's Intra-Controller Roaming
    Each controller supports same-controller client roaming across access points managed by the same controller. This roaming is transparent to the client as the session is sustained, and the client continues using the same DHCP-assigned or client-assigned IP address. The controller provides DHCP functionality with a relay function. Same-controller roaming is supported in single-controller deployments and in multiple-controller deployments.
    Would it be better to choose the same DHCP Pool on both anchors?
    It's probably better to have redundant anchors on the same subnet, but it's not required. 
    3) How would you design this :-)
    WLC-A <--EoIP--> Anchor A (DHCP Pool A)
    WLC-A <--EoIP--> Anchor B (DHCP Pool A)
    It's important to remember what Scott mentioned about the lack of a primary / secondary relationship. If multiple controllers are added as mobility anchors for a particular WLAN on a foreign controller, the foreign controller internally sorts the controller by their IP address. The controller with the lowest IP address is the first anchor. For example, a typical ordered list would be 172.16.7.25, and 172.16.7.28. If the first client associates to the foreign controller's anchored WLAN, the client database entry is sent to the first anchor controller in the list, the second client is sent to the second controller in the list, and so on, until the end of the anchor list is reached. The process is repeated starting with the first anchor controller.
    If any of the anchor controller is detected to be down, all the clients anchored to the controller are deauthenticated, and the clients then go through the authentication/anchoring process again in a round-robin manner with the remaining controller in the anchor list. This functionality is also extended to regular mobility clients through mobility failover. This feature enables mobility group members to detect failed members and reroute clients.
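
The round-robin anchor selection and anchor failover described in the reply above, modelled as an added Python sketch (not part of the original thread and not Cisco code). The `ForeignWLC` class, the client names and the pool labels are hypothetical, and numeric ordering of the anchor IPs is an assumption; it shows which clients end up in a different DHCP pool after an anchor fails.

```python
import ipaddress


class ForeignWLC:
    """Toy model of anchor selection on a foreign controller (illustrative only)."""

    def __init__(self, anchor_pools):
        # anchor_pools: {anchor IP: label of the DHCP pool served behind that anchor}
        self.pool = dict(anchor_pools)
        # Per the reply: anchors are sorted by IP, lowest first.
        # Numeric (not string) ordering is an assumption of this sketch.
        self.order = sorted(self.pool, key=ipaddress.ip_address)
        self.up = set(self.order)
        self.counter = 0          # round-robin position
        self.anchor_of = {}       # client -> anchor IP

    def _next_anchor(self):
        live = [a for a in self.order if a in self.up]
        if not live:
            raise RuntimeError("no reachable anchor for this WLAN")
        anchor = live[self.counter % len(live)]
        self.counter += 1
        return anchor

    def associate(self, client):
        """New association: next anchor in the list, no primary/secondary."""
        anchor = self._next_anchor()
        self.anchor_of[client] = anchor
        return anchor, self.pool[anchor]

    def roam_same_controller(self, client):
        """Intra-controller roam: the session, anchor and IP are kept."""
        anchor = self.anchor_of[client]
        return anchor, self.pool[anchor]

    def anchor_down(self, anchor):
        """Anchor failure: its clients are deauthenticated and re-anchored.

        Returns (moved, renumbered): clients that had to re-authenticate, and
        the subset that landed in a different DHCP pool and need a new address.
        """
        self.up.discard(anchor)
        old_pool = self.pool[anchor]
        moved = sorted(c for c, a in self.anchor_of.items() if a == anchor)
        renumbered = []
        for client in moved:
            _, new_pool = self.associate(client)
            if new_pool != old_pool:
                renumbered.append(client)
        return moved, renumbered


def demo(anchor_pools, clients=("c1", "c2", "c3", "c4"), failed="172.16.7.28"):
    """Associate constructed clients, then fail one anchor."""
    wlc = ForeignWLC(anchor_pools)
    placement = {c: wlc.associate(c) for c in clients}
    moved, renumbered = wlc.anchor_down(failed)
    return placement, moved, renumbered


if __name__ == "__main__":
    # Constructed inputs: the two anchor IPs are the ones quoted in the reply.
    print(demo({"172.16.7.28": "Subnet B", "172.16.7.25": "Subnet A"}))
    print(demo({"172.16.7.25": "Pool A", "172.16.7.28": "Pool A"}))
```

With different subnets behind the two anchors, every client moved by the failure also changes pool; with the same pool behind both, clients still re-authenticate but stay in the same address range.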

  • WiSM-2 Module and VSS 6500

    Hello
    What consequences could i have if i install a WiSM-2 module into a pair of 6500 configured in VSS and another WiSM-2 module into other pair of 6500 configured in VSS for serving a 300  APs??...in this case, do i need to configure mobility groups for guarantee a high availability and also redundancy of controllers??
    Under the best practices, is much better having the two WiSM-2 modules into a single pair of 6500 configured in VSS??
    I hope my question is going to be understood; if not, just let me know and I will explain better.
    Thanks,
    AM

    You always need to configure mobility groups if your wlc will share the same mobility. Like Steve mentioned it is wise to split the WiSMs between both chassis. Just because you are doing VSS between the 6500's doesn't mean the WiSM2 will work like VSS, you need to configure the wlc or redundancy if that is what they will be used for.
    Thanks,
    Scott Fella
    Sent from my iPhone

  • Wireless LAN Solution Engine 2.5

    Hi,
    we have still this box from Cisco, and we are looking at replacing it.
    What is the product we should use to replace it? Seems that Cisco now has several options.
    Jorge

    Hi Jorge,
    since we have no information regarding your wireless environment, here is a short overview.
    For WLAN Management you have two choices:
    ● WLSE
    ● WLC / WCS
    The WLSE manages the autonomous APs. This means these APs have an IOS running and if the management station fails, they are still working.
    Therefore the WLSE is useable in decentral management environments and WAN links!
    The WCS manages Lightweight APs. These APs get their software (not IOS) from the WLC firmware and they are upgraded via WLC upgrade. These APs are NOT autonomous. If the WLC fails the APs stop working.
    The WLC is the best solution for central managed environments without the problems that WAN links may give you. Remember: If a WAN link fails the attached APs stop working.
    The WLCs can run in a master/slave mode for redundancy, but this will drive your costs up!
    If you have many WLCs running in different locations you can manage them with the WCS!
    On the other hand in large central deployments the WLC / WCS may reduce the usual maintenance like AP software upgrade, setup and enable RF Management and some other tasks.
    Of course you can deploy IOS to the APs with the WLSE, but you have to copy the IOS Image to the WLSE, create a job and check whether all devices succeeded. Within the WCS Upgrade the APs get the appropriate software automatically!
    In WLSE you have to setup and enable RF Management manually.
    To make the long story short: Have some thoughts on your deployment:
    ● Central
    ● Decentral
    How Many APs do you have per location! Better plan two WLCs for redundancy per management domain and location! At the moment one WLC can manage 100 APs. So you should think about the cost for managing 500 APs in a redundant manner!
    Actual WLCs can manage up to 12, 25, 50 or 100 APs per Controller, depending on the type of WLC you have ordered. The WLC cannot be upgraded from e.g. 12 to 100 APs!
    One WLSE can manage up to 1900 APs in a WAN deployment (I know data sheets stating 2500, but a customer of mine gets problems with 1900+ in a live environment).
    How much time do you spend in "lower level" work like AP Upgrades, AP configuration, RF Management? In a large campus a WLC might give you some advances in combination with wireless phones, configuring QoS through predefined classes and so on.
    The WLSE gives you the more granular access to the wireless network!
    I guess this should be enough for the moment.
    As ScottMac writes in his posts:
    Good Luck.
    Frank
