Solved: I currently have 2 WLC's in

CiscoWiFiGuy · ‎01-18-2017

Hello Experts,

could you please help me to understand better insight of HA within Anchor Scenario. i have 4 internal WLC 8540 controllers and 2 wlc's in DMZ.

Internal 4 controllers are working in HA that means i have 2 pair of HA in my Internal LAN ( 2 Wlc in one pair and 2 wlc in other pair ) .

I have other 2 wlc in DMZ which will serve as anchor controller. Now i want to configure those DMZ controller also in HA but the point on which i am confused is:

Suppose my dmz controllers are in HA , but when i am configuring mobility groups , i will configure IP and MAC configs in internal and anchor controller.

when one of the Anchor wlc is down , do u think other anchor will assume its role and will serve guest traffic. i think that would not be possible as in HA they will have same IP but when one is down , IP will still remain the same but MAC address will change and in that case EOIP tunnel would not be successful.

So could you please guide me is this a do-able thing or what is a way around.

aleopoldie · ‎02-22-2017

Hello Waqas,

There is no HA feature for Anchor WLCs like for Foreign WLCs. If you want to have redundancy between your Anchor WLCs, you need to set thjese WLCs in your SSID (On the anchor configuraiton) and put a priority for each WLC.

If the priority is the same, both WLCs will handle the clients. If you set a different priority, the WLC with the lowest one will handle all clients and if this one if going down for some reason, the secondary will handle the clients.

Hope this helps,

-Alexis

View solution in original post

Scott Fella · ‎02-27-2017

If a foreign controller fails, client only local to the foreign controller state are preserved. Clients that are anchored are not and it will be a new association that needs to happen.

Stateful switchover is not intended for anchored clients.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

View solution in original post

aleopoldie · ‎02-22-2017

Hello Waqas,

There is no HA feature for Anchor WLCs like for Foreign WLCs. If you want to have redundancy between your Anchor WLCs, you need to set thjese WLCs in your SSID (On the anchor configuraiton) and put a priority for each WLC.

If the priority is the same, both WLCs will handle the clients. If you set a different priority, the WLC with the lowest one will handle all clients and if this one if going down for some reason, the secondary will handle the clients.

Hope this helps,

-Alexis

CiscoWiFiGuy · ‎02-25-2017

Dear Alexis,

Thanks for your reply. Actually I have got the below mentioned reply from Cisco TAC also on this.

"Regarding your query, when you set up SSO failover on the WLC, there is a field to enter the Mobility MAC address.
You can enter the Primary WLC’s MAC Address here, and when the failover occurs, the Secondary will take over retaining the same mobility MAC Address, hence not disrupting the EOIP Tunnel"

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html

So based on this reply is it possible as I have yet not configured this scenario and trying to understand its design perspective.

Thanks,

Scott Fella · ‎02-25-2017

In SSO, you only use the Primary co trollers MAC address. So if you want to setup SSO for your anchors, then you only use the Primary controller MAC address. Now I personally wouldn't setup SSO for the anchors but have two in which I would point the foreign controllers to. I don't know if a failover in SSO would keep the client state since it is being anchored. Something you would just need to test and see.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

aleopoldie · ‎02-27-2017

I tested it and the client has to reconnect because the session is being anchored to another Anchor WLC

AL

CiscoWiFiGuy · ‎02-27-2017

I currently have 2 WLC's in my airport test lab and awaiting other WLC's to be received and then I will test the same thing as Scott has suggested earlier in his reply.

But I just want to understand from and please correct me if I am wrong and below mentioned are my assumptions based on your reply.

" I assume , HA works fine within 2 WLC's which are working as Anchor WLC in DMZ and when Any HA Pair from Internal Lan is Powered off/shutdown or vice versa in case of WLC powered off in DMZ zone; that time EOIP will be reinitiated and client need to re-authenticate"

If this is correct then I request you guyz to propose an optimal solution. either I keep my DMZ WLC's in HA Pair or separate them as primary/secondary and define priority through my internal Lan controller.

cheers.

Thanks

Scott Fella · ‎02-27-2017

If a foreign controller fails, client only local to the foreign controller state are preserved. Clients that are anchored are not and it will be a new association that needs to happen.

Stateful switchover is not intended for anchored clients.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

ammahend · ‎03-09-2020

Hi Scott, is there any documentation on this.. since the anchored client state on foreign controller in run state, it should be retain if one of foreign controller in HA fails. Just trying to understand the logic why guests will have to relogin ?

-hope this helps-

Scott Fella · ‎03-09-2020

What is your design? N+1 or SSO and one or two anchors? A failure in N+1 will always result in clients being dropped and them re-associating. SSO doesn’t support client persistence to anchored controllers. Only state full to clients local to the controller. This is documented in the SSO guide. Look at it this way, guest is open, so a interruption of a few seconds is no big deal.

-Scott
*** Please rate helpful posts ***

Chris Van Krieken · ‎03-29-2018

Hello Scott, would you then add both anchor WLCs into the Mobility Group ? Would that mean 2s mobility tunnels ?

Thanks,

Chris.

HA in Anchor controller Secnario