Excellent question..I totally hear you and can understand the confusion.
There is doc bug filed for this :
When you have two WLCs connected by physical cable via the redundant port, it is a total 1:1 failover with AP SSO. Here secondary WLC need not be configured individually. All config and WLANs will be inherited from Primary WLC. Also they are in same datacentre so VLANs are consistent, not an issue.
In 7.4, they allow you to use the HA SKU WLC as a backup WLC outside of the SSO for 90 days then afterwards you will get a message trap stating it has been more than 90 so primary WLC should be made available. In other words it allows you to provide an N:1 back solution so that APs from "N"primary WLCs can fail back to "N+1" standby WLC.
We need to configure the HA-SKU WLCs as a regular backup WLC. It has to be manually configured to support same SSIDs and Security that you would like your APs and clients to have in an event of failover. The HA SKU cannot take the config from N primary WLCs and cannot sync automatically.
There is no need to directly connect this N+1 WLC with any of the N primary WLCs via direct cable and can be in a different geographical location with just ip connectivity. This is no different than your traditional AP HA with primary,sec and tertiary defined.
Basically 7.4 N+1 HA SKU is a cheaper solution and it will support APs on failover from multiple WLCs. With traditional AP HA you need license for each box which is comparatively more expensive.
Table 1 has the limit for HA SKU :
Thanks for the explanation, I understand now. Just to be sure: in 7.4 the HA-SKU failover is NOT AP SSO but behaving like normal prim/sec/ter failover (so taking longer), but possible from several controllers as opposed to AP SSO only possible in 1:1 failover ?
hi good day sorry.
I'm new to this, but it's a start.
I have a question for you. I am working as a network administrator IP phone, the company made a firmware upgrade to CUCM version 8.5, the following versions was that wireless phones are also updated the firmware to function better with CUCM 8.5, but since this happened,
maybe you hear better than previous versions,
but there is a lot of packet loss, the comuniacion not understood, users complain too much about the wireless phone system.
We could help with any suggestions on how to improve service.
Thanks for your attention
This thread is limited to HA on WLC
For voice related wireless questions, you can start a discussion here :
We will be glad to help.
Here i am again with a question:
Can a controller that is configured for AP SSO (back to back) at the same time be used as a HA SKU for other controllers ? I guess not, but can you confirm ?
Yeah as you have rightly suspected, we cannot have secondry WLC connected directly to primary to also act as HA SKU for other primary WLCs. This one can only monitor the directly connected primary WLC by sending keepalives via redundant port and check gateway connectivity.
Both the WLCs paired together act like one logial WLC(Both WLCs share same IP) and this IP can used as primary or secondary to any other AP on a different WLC. However this is traditional AP HA and not fast AP SSO.
Do you have any measurements of traffic imposed on the redundancy link?
I am going to run a couple of wlc5508 in HA between two data centers as a platform for roughly 300 AP´s in flexconnect.
In the data centre (as per above snapshot) there are 2 WLCs active and standby connected by redundancy port.
This is used to synchronize configuration between controllers in the Active and Standby states.
Below is the traffic that is expected on this link :
- Keepalive messages sent from the standby controller to the active controller every 100 milliseconds (default frequency) to check the health of the active controller. Also notifications are sent in the event of failover.
- Internet Control Message Protocol (ICMP) packets are sent every 1 second from each controller to check reachability to the gateway using the redundant management interface.
- Bulk configuration during boot up and incremental configuration are synched from the Active WLC to the Standby WLC using the Redundant Port.
Rest of the capwap / LAN traffic happens in the normal way and with active WLC only. A mirror copy of this is sent to standby by active. As standby would be idle and just monitoring the active WLC's health, this traffic is not of a much concern and WLC is good to handle this.
As both WLCs would be adjacent physically, the latency would not be too high. The distance between the connections can go upto 100 meters at per ethernet cable standards.
I understand that you would have APs over WAN in flex mode and two WLCs in a differnet lcoation. One thing to consider is WAN link utilzation and link latency between WLCs and AP. If this is being taken care already, then there is nothing in addition that you need to worry on regarding standby WLC / AP SSO
I have a question regarding the upgrade, we have two 5508 currently running on 22.214.171.124 and we are planning to upgrade them to 126.96.36.199 and configure them as Active/Standby pair for AP SSO failover.
Do the controller lose the config when we enable HA? Do we have to disconnect the secondary controller from the network and manually configure it as a standby and attach it back to the network for them to become a active/standby pair?
Once the two WLCs are upgraded to 7.4, you can manually configure one as primary and other as secondary WLC via GUI or CLI commands.
You can always take a backup from both WLCs before HA pairing just in case it is required.
No, config will not be lost when you enable HA on primary WLC. Once the HA pairing is successful, standby WLC will automatically pickup config from primary WLC. Thus you do not need config of secondary and there is no way to configure secondary WLC once the pairing is done.
After pairing, secondary will be idle and just monitor the priamry wlc and gateway reachability. You cannot load balance APs between the two WLCs.
No, Secondary and Primary both are to be connected to each other via redundancy port and both WLCs need to be connected to switch to check on the gateway reachability and to pass traffic.After the above setup is ready, you need to manually configure and choose one WLC as Primary and other as Secondary. Enable HA SSO.
Initially both WLCs should have unique IPs in same subnet. Once the HA SSO mode is enabled, WLCs will negotiate the roles and share the same IP which is that of the primary WLC that you choose. Hereafter you can assume this to be one logical wlc.
You can refer to the 8 steps mentioned below for enabling HA SSO :
Please refer to below section regarding licenses :
Since you have 5508, you need to have minumum of 50 license on standby for this conversion.
Let me know if this answers all your questions.
I have two Flex 7510 configured as AP SSO HA pair and work fine. And here is the test I did to verify how the HA behaves:
I disabled the switch ports connected to the primary 75, then the secondary 75 took over control right away (telling this by doing a continuous ping to the primary mgmt IP).
After about 5 minutes, re-enabled the switch ports were disabled, and the ping still replied, not quite sure if the primary unit took the control back.
Here is the point, I disabled the switch ports connected to the secondary unit, and re-enabled them after a while. I noticed that the secondary unit rebooted, reason showed as 'Gateway not reachable'.
I don't know if this is also apply to the primary unit when I shut down the switch ports and brought them back on. Is this designed to do so or just a bug?
Thanks for you input,