Solved: WLC global configuration??

rguzman.plannet · ‎10-25-2012

Hi everybody!

I have this scenario where my customer has two WLCs in its HQ a 5508 and a 4402 my intention is to create a mobility group so that they have "redundancy" leaving 4402 as back up in case of failure. When I put both WLCs on production they were "fighting" for the control of the APs it took a long time for 5508 to gain control over the APs in fact there were at least 3 that were jumping between WLCs by the way 5508 was configured as the master, mobility group name is the same and also IOS, but when 4402 came to operations the fight started.

So there is a part on the configuration wireless/access points and inside each AP there is a High Availability option where you can configure primary, secondary and tertiary WLCs, which is great unless you have 50, 100 or even more APs. So I clicked the Global Configuration section where I "can" configure credentials, HA, etc for all of my APs at one click but it just doesn't have any effect on the configuration of any APs. I also found in the User Guide a CLI command that do this and I thought well the GUI might be prone to failure and I tried the CLI command with no results either.

I have a TAC open and the engineer has been doing some labs but still haven't found an answer to this.

So my question is, beside the intelligence the WLC adds to the WLAN, what is the point of having a WLC if I cannot have control over my APs configuration from a centralized point? I ingore if WCS now NCS could do this but in case the answer is yes, you all now that is not very likely that a customer that barely accepted to have two WLCs would accept to buy such an expensive tool.

Has someone experienced and found a solution for this? I'd really appreciate your comments and suggestions.

By the way, there is another issue I faced with this deployment, the web authenticated guest network. As you may know it is needed that one creates a username and password for the web authentication method. If I have this scenario with two WLCs, do I have to create the same username and password in both WLCs in case one goes down?

Thanks in advance for taking the time to read such a long problem description, I'd appreciate all of your comments.

Stephen Rodriguez · ‎10-25-2012

And they will not be shown on the AP. The AP only shows the Primary/Secondary/Tertiatry WLC that it has been configured to use.

This section you are showing, is the 4th and 5th WLC that the AP will try to join, if P/S/T are down.

An AP is aware of all the WLC in the mobility group. So if you have 24 WLC, an AP will know about all 24. The 'backup' WLC is way for you to know where the AP will fall to, if P/S/T go down. Otherwise the AP would pick the WLC with the greatest excess availabiltiy. Which means, it could end up on any of the WLC in the mobility group.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

George Stefanick · ‎10-25-2012

Hey there ..

I have a very very large enviroment and never had a problem with HA on the APs. I did notice customers that would put in the right IP but not the correct controller name and they would have problems. Are you sure the IP and controller names are enetered correctly. And are you sure the mob groups between controllers are correct ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

rguzman.plannet · ‎10-25-2012

Hello George,

Thank you for taking the time to answer.

Yes, I understand that part. But my main problem for now is that I cannot apply global configurations, like I said if I have hundreds of APs to configure with HA parameters I'd expect to do it from a centralized point with just one click.

By the way, since you have a large deployment. How much time does it take to the back up WLC to adopt the APs in the case the primary goes down?

Thank you!

George Stefanick · ‎10-25-2012

I can be wrong on this next comment but this is my understanding of the global config. I will need to do some checking and perhaps Leo, Steve or Scott can comment.

But the AP takes the controllers global config when the AP joins that controller. So do you have the same global config identical on both controllers for HA?

On my old WISMs with 150 controllers, about a minute for a full 150 move. With the new HA you can get sub second moves I understand.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

rguzman.plannet · ‎10-25-2012

Well, I don't think they take the config but I may be misunderstanding. When I applied the global config, I went to each AP configuration and they still had their previous parameters set. Then I went one by one changing the HA and that way the change was taken but once again it was directly to the APs.

George Stefanick · ‎10-25-2012

Looks at this ..

The global credentials that you configure on the controller are retained across controller and access point reboots. They are overwritten only if the access point joins a new controller that is configured with a global username and password. If the new controller is not configured with global credentials, the access point retains the global username and password configured for the first controller.

I know that says credentials but this makes me wonder ... Do you have a global credinitals set on both controllers and are they the same?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George Stefanick · ‎10-25-2012

Oh, good call Steve.. I didnt know this ..

Thanks

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Stephen Rodriguez · ‎10-25-2012

Where you are configiguring the 'Primary-Backup' and 'Secondary-Backup' Controllers, only takes affect if the Primary/Secondary/Tertiary are down. These are really 4th and 5th selections respectively.

In addition to the option to configure primary, secondary, and tertiary controllers for a specific access point, you can now also configure primary and secondary backup controllers for a specific controller. If the local controller of the access point fails, it chooses an available controller from the backup controller list in this order:

primary
secondary
tertiary
primary backup
secondary backup

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00809a3f5d.shtml#backinfo

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

rguzman.plannet · ‎10-25-2012

I added some pictures to clarify my problem description. Please note that for reasons beyond the scope of this discussion the Primary Controller is off.

Also I will add more pictures in further posts in this same discussion.

As you can see in this two pictures these are the paramaters configured manually for HA which I had to do one by one that was the only way it kept those paramaters no matter from which WLC I did it.

Please wait for the next post to continue with the description.

rguzman.plannet · ‎10-25-2012

Be aware that the WLC I am showing is not the master controller.

In this picture I show how the login credentials and Primary/Secondary controllers where configured, even though they were not taken, those changes were not reflected on each AP HA configuration.

Stephen Rodriguez · ‎10-25-2012

And they will not be shown on the AP. The AP only shows the Primary/Secondary/Tertiatry WLC that it has been configured to use.

This section you are showing, is the 4th and 5th WLC that the AP will try to join, if P/S/T are down.

An AP is aware of all the WLC in the mobility group. So if you have 24 WLC, an AP will know about all 24. The 'backup' WLC is way for you to know where the AP will fall to, if P/S/T go down. Otherwise the AP would pick the WLC with the greatest excess availabiltiy. Which means, it could end up on any of the WLC in the mobility group.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

rguzman.plannet · ‎10-25-2012

Ok, I think I understood this time... I hope

But what about the login credentials and control over turning on radios A and/or BG from global configuration and not going one by one.

Stephen Rodriguez · ‎10-25-2012

The credentials do get pushed to all of the AP, though you can go into an AP and override them if you had need to.

As for the radios, so long as the 802.11a | b network is enabled, and the country code matches it should come up.

Now, I do remember seeing times that I would have to go in an 'manually' enable a radio, but I never found rhyme nor reason as to why.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

rguzman.plannet · ‎10-25-2012

Here is another example of a global change not taken which is the ability to enable 802.11a radios. In order to turn them on I had to telnet AP by AP in set the commands manually. I did it while the APs were adopted by the 5508 or primary, when I shut it down intentionally and the AP came back from secondary to primary many of the redios A were down again.

Saravanan Lakshmanan · ‎10-25-2012

#Master mode option should be used initially to prime APs, after that it should be disabled if fallback WLC used, with no HA configured on AP then it will always try to join WLC with master mode enabled.

#there is no way to push HA settings i.e, primary/sec/tertiary to all APs from WLC, it is possible only with wcs/ncs, maybe in the future there'll be feature to do it from wlc/per ap group level.

Has someone experienced and found a solution for this? I'd really appreciate your comments and suggestions

#manually configure on each AP's gui or use cli or edit the 'show run-config command' file to reflect p/s/t for all APs.

do I have to create the same username and password in both WLCs in case one goes down?

#yes.

By the way, since you have a large deployment. How much time does it take to the back up WLC to adopt the APs in the case the primary goes down?

#60-70secs max by default, it can be reduced based on the heartbeat timer value.