Wlc unified, load balancing

Similar Messages

• WLC - Aggressive Load Balancing?

  Hello,
  The Wirless LAN Network bulit is as follows -
  1. 1 x 4404 WLC
  2. 40 x LWAPP 1131AG Access Points
  3. Windows Clients used by the Laptop Clients.
  4. Only one Wireless VLAN across the Capmus network - hence AP's, WLC & Clients are all in one VLAN / IP Subnet.
  5. No Access Point Group is created.
  6. Aggressive Load Balancing is enabled allowing 15 Clients as max connection per Access Point.
  Problem facing -
  1. Tried configuring the Aggressive Loadbalancing allowing only 2 x Clients per AP. But noticed that the 3rd Client connecting to the same AP as of the previous 2 Clients have connected. 3rd client is not associating to a different AP which is nearby.
  Please can one help me, if i'm configuring & testing Aggressive Load Balancing in the right way!
  Regards,
  Keshava Raju

  AMR is on target. In fact I just completed 20 hours worth of testing with variuos clients with ALB for a white paper I am doing. Code 17 isnt honored by most clients and is only sent 1 time from the AP. The clients will contiue to attempt to associate to the AP and the AP will allow them on.
  Here is a peek of my white paper "still in draft"
  WLC - Cisco WLC Aggressive Load Balancing; What is it and where did it go in 6.0!
  I've spent the majority of my WLC experience at code level 4.2. Not by choice really, more
  based on the fact that 4.2 is pretty darn stable and it is the only safe harbor to date for the Cisco WLC. Healthcare and Enterprise enviroments are typically slow to move on upgrades, especially when things are operating fine. 
  Since my latest project involves the deployment of hundreds of Cisco 1142s @ location grade, it required that I move to later code to support the 1142 access points. After much research, conversations with our
  local Cisco Wireless SE, conversation with peers at other healthcare organizations, and direct contact with the aware team I had decided that 6.0.188.0 was a release that was of great interest.
  As I start to get fimilar with the new code I am starting to see that things got moved around a little. One of the items is Aggressive Load Balancing. If you aren't fimilar with Aggressive Load Balancing (ALB) you definitly need to be and let me share why.
  First lets look at what ALB is and how it works and then we will dive into the differences between the 4.2 code and the new options 6.0 gives us. ALB when enabled, allows the Cisco WLC to load balance wireless clients on access points that are joined to the same controller. “Key word here – same controller”. You can configure the load balancing window globally in the controller. What is the load balancing window you ask? Well is the maximum number of clients that should be allowed on the access point BEFORE it will start to load balance.
  Lets assume for a moment you have an access point with 5 clients already attached. When client #6 sends association request to the access point the access point will kindly respond with an associaton response frame with the reason code of 17. The wireless client will see reason code 17 in the association response and will kindly find other access points to associate with. However, some devices will ignore this frame and yet still continue to try and associate to the access point. Note: The Cisco WLC will ONLY send 1 reassociation frame with a reason code of 17. It doesn’t flood the medium / client with multiple frames.
  Its up to the client to honor this information and move on. But I can tell you from my experience and testing this isn’t always the case.
  By default, 4.2 and 6.x both have a load balancing window of (5). Lets look at an example.
  The window setting controls when aggressive load−balancing starts. With a window setting of five, for
  example, all clients after the sixth client are load−balanced.
  I know, what is the reason code talk, right. Lets cover this as well. If you dive into the 802.11 frames you will see “Reason Codes”. When a client sees the reason code of “17”, it indicates to the client that the access point is busy and the client should look else where.
  yada yada yada
  I will post the complete paper on my site: my80211.com in the next week or so ...

• WLC 5508 LOAD BALANCING APs to HA-SSO

  Do somebody knows what´s going to happen about configuration when you migrate 2-WLC 5508 giving wireless services correctly, using load balancing with the APs to HA-SSO mode???
  At this time we have some AP groups in WLC1 and in WLC2 we don´t have the AP groups, what´s going to happen with the configuration of both WLCs, both configuration are going to be merged??
  REGARDS

  When you covert the pair into SSO, all the APs will go to the ACTIVE unit.  No unit will "live" in the standby unit because this unit will "share" the AP-support license between the two.
  This is the first step you need to get sorted.  Send an email to [email protected] and give them the exact details of what you want to do (i. e.  AP SSO) and then provide the serial number of your nominated active WLC and the serial number of your nominated standby WLC.

• Load Balance guest Internet access via two different DMZ zones at two sites

  Hi Sir,
  My customer has the following unified wireless guest access requirement:
  - There are 2 internet links and dmz zones at two different locations, Site A and Site B
  - Data centre is at Site A
  - WiSM is proposed to be installed at the Cat 6500 in Site A
  - Lightweight AP are distributed across Site A, Site B and other branches
  - Only one anchor WLC is proposed at Site A, DMZ zone to provide guest internet access
  My customer would like to load balance the guest via the two internet link at Site A and Site B but with the same SSID across all locations. Can it be done since only one anchor at Site A? How about puttting another anchor WLC at Site B, DMZ zone? But how can i establish two EoIP tunnel to two different anchor WLC from a single WiSM?
  Thanks for your help
  Delon

  You can... but you can't control where the traffic will flow. The wlc will determine which DMZ wlc it will use. The wlc will load balance, but traffic in site A might go to site B. I currently have deployed that senerio in multiple client installations....

• Aggressive Load Balancing = unstable network

  Last week we upgraded 26 WLCs 4400 controllers from version 5.2.178 to version 6.0.188.0/6.0.196.0.
  Two days after the upgrade, IT-administrators had reported problems with 15 of the WLCs.
  The symptoms was:
  - Problems conntecting to SSIDs
  - Unstable network when connected
  - Clients didnt get a IP-adress
  - Unstable signal strength
  After some troubleshooting, it turned out "Aggressive load-balancing" was enabled on the WLCs having these problems.
  Output from one WLC:
  (Cisco Controller) >show load-balancing
  Aggressive Load Balancing........................ Enabled
  Aggressive Load Balancing Window................. 0 clients
  Aggressive Load Balancing Denial Count........... 3
                                                      Statistics
  Total Denied Count............................... 5873 clients
  Total Denial Sent................................ 14067 messages
  Exceeded Denial Max Limit Count.................. 2924 times
  None 5G Candidate Count.......................... 8215 times
  None 2.4G Candidate Count........................ 2331 times
  Yesterday we ran this command on these WLCs:
  config load-balancing aggressive disable
  ..and the problems now seem to have dissappeared.
  Aggressive load-balancing is disabled as default in the newest versions of WLC software, but we have upgraded since version 4.0.155.5 (where I think this was enabled as default), and I guess this setting was enabled because of that.
  Some info from cisco.com about aggressive load balancing:
  Aggressive load-balancing works at the association phase. If enabled and the conditions to load-balance are met, when a wireless client attempts to associate to a LAP, association response frames are sent to the client with an 802.11 response packet that includes status code 17. This code indicates that the AP is too busy to accept any more associations.
  It is the responsibility of the client to honor, process or discard that association response frame with reason code 17. Some clients ignore it, even though it is part of the 802.11 specification. The standard dictates that the client driver must look for another AP to connect to since it receives a "busy" message from the first AP it tries. Many clients do not do this and send the association request again. The client in question is allowed on to the wireless network upon subsequent attempts to associate.
  Just wanted to post this in case others are experiencing problems like we did

  Tweak your RF. You need to adjust the TX power and the data rates. The reason you have one AP with 9 clients is probably because that AP has the lowest TX power setting like 7-8. Make each AP the same TX power level, depending on how many AP's and how big the room is. You will need to play around with this and the data rates to achieve what you want.
  Here is a guide to look at too
  http://www.cisco.com/web/strategy/docs/education/cisco_wlan_design_guide.pdf
  Sent from Cisco Technical Support iPhone App

• Client load-balancing

  Hi all,
  a short question.
  Is there a feature in Cisco WLC like load-balancing based on bandwidth utilization?
  What I mean is, one AP (channel6) has a channel utilization of 40%, the neighbor AP (channel 11) has a channel utilization of 10%.
  So I would like push new clients automatically to the AP in channel 11.
  many thanks
  Martin

  It doesnt work worth a crap anyway ... Most clients don't adhere to code 17 so what's the point ...
  Aggressive load-balancing works at the association phase. If enabled       and the conditions to load-balance are met, when a wireless client attempts to       associate to a LAP, association response frames are sent to the client with an       802.11 response packet that includes status code 17. This code indicates that       the AP is too busy to accept any more associations.
  It is the responsibility of the client to honor, process or discard       that association response frame with reason code 17. Some clients ignore it,       even though it is part of the 802.11 specification. The standard dictates that       the client driver must look for another AP to connect to since it receives a       "busy" message from the first AP it tries. Many clients do not do this and send       the association request again. The client in question is allowed on to the       wireless network upon subsequent attempts to associate.

• WLC Load Balancing Threshold

  I am trying to understand how the load balancing threshold is calculated but I am finding conflicting information, even withing Cisco's own documentation. I would be grateful if anyone could help.
  Cisco's latest Wireless LAN Controller Configuration Guide for software release 7.0.116.0 (April 2011) contains the following information for configuring Wireless > Advanced > Load Balancing Page (emphasis mine):
  In the Client Window Size text box, enter a value between 1 and 20. The window size becomes part of the algorithm that determines whether an access point is too heavily loaded to accept more client associations:
  load-balancing window + client associations on AP with highest load = load-balancing threshold
  In the group of access points accessible to a client device, each access point has a different number of client associations. The access point with the lowest number of clients has the lightest load. The client window size plus the number of clients on the access point with the lightest load forms the threshold. Access points with more client associations than this threshold is considered busy, and clients can associate only to access points with client counts lower than the threshold.
  Option 1
  The formula shown is correct (load-balancing window + client associations on AP with highest load = load-balancing threshold). If so, this would mean that if you had a window size of 5 and the AP with the highest load at the time of calculation was 15, the threshold would be 18. However, as no APs have 18 associations then this threshold would never be reached. Even if an AP reach 18 associations, the next client trying to associate would trigger another calculation for the threshold which would be 21 (3 + 18) and so still, this threshold would never be hit.
  Option 2
  The description in the paragraph below is correct (The access point with the lowest number of clients has the lightest load. The client window size plus the number of clients on the access point with the lightest load forms the threshold). This sounds much more sensible to me. In this case, the window size was 3 and the AP with the lowest number of associations already had 7 clients associated, the load balancing threshold would be 10 i.e. no load balancing would occur until a client tried to associate with an AP which already had at least 10 clients associated.
  Option 3
  I have seen many descriptions on forums etc of the load balancing threshold being essentially the Client window size, i.e. if the client window size is 3 then load balancing will kick in when a client tries to associate to an AP with at least 3 clients already associated. This doesnt match the above documentation unless the AP with the least number of clients associated doesnt have any associated clients i.e. 0 clients.
  Questions
  I think Option 2 is the correct description of load balancing and the formula given stating use of the AP with the highest load is a typo (albeit still not corrected in the latest documentation). Am I correct?
  The problem with using the option 2 method of calculating the load threshold is that you will be unnecessarily performing load balancing in an environment where some of your APs do actually have zero clients associated, unless you set the window size to somehing close to 10.
  I read here http://www.perihel.at/wlan/wlan-wlc.html#aggressive-load-balancing that when calculating the load threshold, it only accounts for the 8 'best' APs for a given client. In other words, if you have 60 APs on your campus but only 20 are visible to the client, the controller will only perform its load threshold calculations bases on the 8 APs which have the best signal to the client. This would ,ake sense as there is no point setting a load threshold based on the lightest loaded AP which is not even within 'reach' of the client. Is this correct as I can not find any other documentation which supports this?
  Thanks in advance for your help with this.

  Interesting, the config guide contradicts itself in the same paragraph.....    I thought maybe we had two different documents with different explanations.  I don't see any open documentation bugs asking to correct this, but I swear I've heard discussion on this in the past.......
  First off:  Option #3 was the "old way". I think it changed in 6.0.    If you had a threshold of 5, then as soon as you had 5 clients on an AP it would reject the association (3 times and then let them on the 4th attempt).  Now its a sliding window/scale.
  Option #1 I think is completely wrong. As you described, how in the world would you ever surpass the threshold if the highest AP + the window is what you have to beat to load-balance....?    RIght, that just doesn't make any sense to me.....
  Option #2, the way you explain it is correct to my understanding...
  Your question #3 is also correct (not sure if it is Top 8 or based on an RSSI threshold though.)
  The idea is that you don't want some AP in a remote office with 0 clients being your starting point.   So I believe that it is based on the top X candidate for your client.    If your client has 4 viable candidates (lets just say -70 or better), and one of those APs has 5 clients and the rest have 15, I'd expect loadbalancing to try to get you to the 5 client AP if your window size was ~10......  something like that anyhow... 

• Question about Load Balancing Wireless connections using WLC- F5- ISE

  Hi all,
  Can anyone give me some orientation how the radius auth process/handshake between the WLC and ISE changes once the F5 is installed in the middle in order to perform load balancing?
  We can do some kind of load balancing by configuring different radius servers on each WLC for which, I must configure the same shared secret in the WLC and ISE so the radius request/accept could be processed.
  Now that we have the F5 in the middle, do I need to create/configure the same shared secret in the F5 so radius transactions can be processed by this device?. Based on the following link, I must configure the F5 in the ISE like another NAD device (similar to the WLC) but I do not know if this additional configuration in the ISE includes the Auth parameter to be added in the ISE NAD (F5) configuration.
  How to properly use a load balancer in Cisco's Identity Services Engine
  http://www.networkworld.com/community/blog/load-balancing-cisco-identity-services-engine
  Our sheme is shown next,

  When you covert the pair into SSO, all the APs will go to the ACTIVE unit.  No unit will "live" in the standby unit because this unit will "share" the AP-support license between the two.
  This is the first step you need to get sorted.  Send an email to [email protected] and give them the exact details of what you want to do (i. e.  AP SSO) and then provide the serial number of your nominated active WLC and the serial number of your nominated standby WLC.

• Wireless clients load balancing on the APs on WLC 4404

  Hi Experts,
  I'm just wondering if the WLC 4404 with firmware 4.2.207.0 can load balance the wireless clients on different WAPs. Let's say that an AP is already handling 15 Wireless devices. When the 16th is trying to join, the controller somehow puts it on another nearby AP, even the signal from this AP is weaker. I heard the similar feature on other Wireless solution vendors. I'm just wondering if Cisco has the similar feature or not.
  Thanks!

  Yes it is known as aggressive load balancing sending a code 17 making the wireless client to loook at another nearby AP.
  here it is the documentation:
  http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00809c2fc3.shtml

• WLC Voice Audit - Aggressive Load Balancing on WLAN not disabled

  I am running v6.0.196 on 2 WLCs.  Aggressive Load Balancing is disabled globally via WCS. (Configure / Controller / General / Aggressive Load Balancing = Disabled).  When running the Voice Audit Tool against the VoWLAN, I receive the following:
  "Aggressive Load Balancing on WLAN not Disabled"
  I am unable locate the command or the screen to actually disable this on an individual WLAN.  Is this perhaps a code glitch?
  -Robert

  This is not available on the WCS.  I was able to locate this on the individual WLCs.
  But thanks for pointing me where to look nonetheless!
  -Robert

• WLC 7.5.102.0 Client Load Balancing

  Hi,
  Regarding 'Client Load Balancing' feature in WLC code 7.5.102.0, which one will take precedence:
  - Load Balancing enabled in RF Profile and applied in an AP Group.
  - Load Balancing enabled in WLAN
  Also, is there any way to determine the statistics of the Load Balancing in RF Profile? (similar to the Statistics for Client Load Balancing enabled per WLAN in Wireless> Advanced > Load Balancing > Load Balancing Statistics)
  Thanks in advance!
  - edison

  RF Profiles overrides any global settings, just like AP Groups can override the vlan or interface mappings.
  say for example, I want to leverage the RF Profile for highly dense deploytment  (like Town Hall or influx of users) and as result i want to deploy more temp APs that will coexist my existing APs. I just want to modify the High Density parameter - limiting the max clients only. but the RF Profile comes with the Load Balancing too and i don't think it cannot be disabled separately.
  > Load balacing is enabled on the WLAN and isn't in the RF Profile.  High Desnity, you create a RF Profile to disable the lower data rates, maybe 54 and 36 as mandatory and 24 and or 48 supported... depends on how much you want to shrink your cells.  Also setting the max and min TX power.... no need for load balancing if you shrink the cells down.
  so when i apply the RF Profile to the AP Group, the profile's Load Balancing settings will also be applied together with my preferred High Density settings - while my WLAN settting is not enabled with Load Balancing.
  > No.... you either enable load balancing on the WLAN or not. The screen shot I showed you is a threshold configuration if its enabled.
  Thanks,
  Scott
  *****Help out other by using the rating system and marking answered questions as "Answered"*****

• WLC Radius Server Load Balance

  Hi,
  Can someone provide me detailed description on how WLC Radius Server Load balance works.
  Becuase, I encounted a problem of User Authenticated with the 1st Radius Server, but Accounting Records are actually on 2nd Server .
  Any response will be very appreciated
  -Angela

  Hi Angela,
  I pasted below the part of config guide explaining the different modes. In summary :
  -Fallback off means : when 1st radius server shows dead , WLC moves to the second. And will only change again when the 2nd is dead too.
  -Passive means : whent 1st radius is dead, WLC moves to the second. If there is a new authentication coming in, it will try the 1st radius server again
  -Active means : WLC constantly sends radius probes to detect when primary is back up.
  config radius fallback-test mode {off | passive | active}
  where
  •off disables RADIUS server fallback.
  •passive causes the controller to revert to a server with a lower priority from the available backup servers without using extraneous probe messages. The controller simply ignores all inactive servers for a time period and retries later when a RADIUS message needs to be sent.
  •active causes the controller to revert to a server with a lower priority from the available backup servers by using RADIUS probe messages to proactively determine whether a server that has been marked inactive is back online. The controller simply ignores all inactive servers for all active RADIUS requests. Once the primary server receives a response from the recovered ACS server, the active fallback RADIUS server no longer sends probe messages to the server requesting the active probe authentication.

• WLC 4404 - Clearing the Load Balancing Statistics?

  Does anyone know of a way to clear the load balancing statistics from a WLC 4404?  I've looked through the gui and CLI and can't seem to find a way to do it.
  Thanks,
  Rob

  You can do a 'show summary' to see the number of connections that have been sent to each servers.
  You can't see the number of bytes so.
  I would suggest to collect this info on the server.
  Regards,
  Gilles.

• How can I debug Aggressive Load Balancing on the WLC ?

  Hello Cisco-Experts,
  I'm looking for the command on the Cisco WLC to debug Aggressive Load-Balancing.
  There is a nice document, ID 107457 describing this feature, but it lacks the command.
  Please investigate and help me and maybe improve YOur documentations.
  Thanks in advance
  Winfried

  Hello NetPros,
  I have disabled now "Agressive Load Balancing" now on the WLC. To my surprise, still Load-balancing packets are received from our HREAP-APs via a WAN-Link on the central WLC.
  Here is an example:
  Tue Jan 13 15:35:59 2009: 00:1c:bf:4a:3f:2e LBS data stored for Mobile 00:1c:bf:4a:3f:2e from AP 00:23:5d:0e:e9:e0(0) new saved RS
  SI (A -128, B -53), SNR 41, inUse 1, [rcvd RSSI (A -128, B -54), SNR 40]
  Tue Jan 13 15:35:59 2009: 00:1c:bf:4a:3f:2e LBS data rcvd for Mobile 00:1c:bf:4a:3f:2e from AP 00:23:5d:0e:e9:e0(0) with RSSI (A -
  128, B -55), SNR 42
  Tue Jan 13 15:35:59 2009: 00:1c:bf:4a:3f:2e LBS data stored for Mobile 00:1c:bf:4a:3f:2e from AP 00:23:5d:0e:e9:e0(0) new saved RS
  SI (A -128, B -54), SNR 41, inUse 1, [rcvd RSSI (A -128, B -55), SNR 42]
  It is remarkable that the MAC-addresses of many of the WLAN-clients do not belong to our company and packets are send via a WAN-link.
  Why do I see these packets while load-balancing is disabled ?
  How is this working ?
  Thank You for any explanation.
  Winfried

• ISE 1.2 - Multiple NICs/Load Balancing for DHCP Probe

  Hello guys
  Just prepping an ISE 1.2 patch 8 setup in our organization. I am going for the virtual appliances with multiple NICs. It will be a distributed deployment with 4 x PSNs behind a load balancer and there is no requirement for wireless or guest user at the moment. I've got 2 points I will like to get some guidance on:
  Our DC has a dedicated mgmt network and I plan to IP the gig0 interface of the PANs, MNTs and PSNs from this subnet. All device admin, clustering, config replication, etc will be over this interface. However, RADIUS/probe/other user traffic to the ISE PSNs will be over the gig1 interface which will be addressed from another L3 network. Is this a supported configuration in ISE?
  I intend to use the DHCP probe as part of device profiling and will ideally like to have just an additional ip helper to add to our switch SVI config. Also, it will appear that WLCs can only be configured for 2 DHCP servers for a given network so another consideration for when we bringing our WLAN in scope. We however use ACE load balancers within our DC and from what I have read, they do not support DHCP load balancing. Are there any workarounds to using the DHCP probe with multiple PSNs without having to add each node as an ip helper/DHCP server on the NADs?
  Thanks in advance
  Sayre

  Hello Sayre-
  For Question #1:
  Management is restricted to GigabitEthernet 0 and that cannot be changed so you should be good there
  You can configure Radius and Profiling to be enabled on other interfaces
  Even though you are not using guest services yet, you can dedicate an interface just for that. As a result, you can separate guest traffic completely from your production network
  Take a look at this link for more info:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html
  For Question #2
  If you are using a Cisco WLC and running code 7.4 and newer you don't need to mess with the IP helper configurations. 
  The controller can be configured to act as a collector for client profiling and interact with the DHCP thread along with the RADIUS accounting task that is running on the controller. The controller receives a copy of the DHCP request packet sent from the DHCP thread and parses the DHCP packet for two options:
  –Option 12—HostName of the client
  –Option 60—The Vendor Class Identifier
  After this information is gathered from the DHCP_REQUEST packet, a message is formed by the controller with these option fields and is sent to the RADIUS accounting thread, which is in turn transmitted to the ISE in the form of an interim accounting message.
  Both DHCP and HTTP profiling settings are located under the "Advanced" configuration tab in the WLC
  On the other hand, you can also use Anycast for profiling. You can check out some of Cisco Live's sessions for more info on that. Here is one that is from a couple of years (There are more recent ones that are available as well):
  http://www.alcatron.net/Cisco%20Live%202013%20Melbourne/Cisco%20Live%20Content/Security/BRKSEC-3040%20%20Advanced%20ISE%20and%20Secure%20Access%20Deployment.pdf
  I hope this helps!
  Thank you for rating helpful posts!