High availability (HA) in controllers reduces the downtime of wireless networks caused by controller failure. True high availability is introduced in release 7.3 in the form of hot standby: when one box fails due to hardware issues or loss of network connectivity, the standby box takes over almost instantaneously. One WLC is in the Active state and the second WLC is in the Hot Standby state, monitoring the health of the active WLC through a direct wired connection over a dedicated redundancy port. The configuration on the active WLC is synced to the standby WLC via the redundancy port.
Both WLCs share the same set of configurations, including the IP address of the management interface. The APs' CAPWAP state is also synced, so APs do not go into the Discovery state when the active WLC fails. This ensures that AP sessions remain intact after a switchover, which gives stateful switchover (SSO) for the access points (AP SSO). However, Client SSO is not supported in this release: clients are de-authenticated and forced to rejoin the new active WLC when a failover occurs. Of course, that can be done with a cached-credential system. The active and standby WLCs are expected to be next to each other, because HA is achieved over a network cable. Both WLCs share the same configuration information.
After you enable HA, the primary and secondary controllers are rebooted. During the boot process, the primary controller role is negotiated as active and the secondary controller as standby-hot. After a switchover, the secondary controller becomes the active controller and the primary controller becomes the standby-hot controller. After subsequent switchovers, the roles are interchanged between the primary and the secondary controllers.
The new High Availability feature, AP SSO, in Cisco Unified Wireless Network software release 7.3 allows the AP to establish a CAPWAP tunnel with the active WLC and share a mirror copy of the AP database with the standby WLC. APs do not go into the Discovery state when the active WLC fails and the standby WLC takes over the network as the active WLC.
Only one CAPWAP tunnel is maintained at a time, between the APs and the WLC that is in the Active state. The overall goal of adding AP SSO support to the Cisco Unified Wireless LAN was to reduce major downtime in the wireless network caused by failure conditions such as box failover or network failover.
The HA Controller is a new manufacturing orderable controller for every controller series. The HA controller is in Standby state when it boots and pairs with a controller running a permanent count license. For controllers that have permanent count licenses, you can manually configure whether the controller is in the Active state or the Standby state.
• Cisco 5500 Series Controllers
• Cisco Flex 7500 Series Controllers
• Cisco 8500 Series Controllers
• Cisco WiSM2
• The Cisco 5500, Flex 7500, and 8500 Series Controllers have a dedicated HA port, which is used to synchronize configuration between controllers in the Active and Standby states. Keepalive messages are sent on HA ports from the standby controller to the active controller every 100 milliseconds (default frequency) to check the health of the active controller. Internet Control Message Protocol (ICMP) packets are also sent every 1 second from each controller to check reachability to the gateway using the redundant management interface. A direct physical connection between the active and standby redundancy ports is highly recommended. The distance between the connections can be up to 100 meters, as per Ethernet cable standards.
• The Cisco WiSM2 also has a dedicated HA port, but it is hidden from users and is responsible for more than configuration synchronization. The Cisco WiSM2 has a dedicated redundancy VLAN, which is used to synchronize configuration between the active and standby controllers. Keepalive messages are sent on the redundant VLAN from the standby controller to the active controller every 100 milliseconds (default frequency) to check the health of the active controller. Internet Control Message Protocol (ICMP) packets are also sent every 1 second from each controller to check reachability to the default gateway using the redundant management interface. To achieve high availability between two WiSM2 controllers, the controllers can be deployed on a single chassis or can be deployed on multiple chassis using a virtual switching system (VSS).
A redundancy VLAN should be a nonroutable VLAN: no Layer 3 interface should be created for it, and it can be allowed on the trunk port to extend an HA setup between multiple chassis. The redundancy VLAN should be created like any other data VLAN on IOS switches. A redundancy VLAN is connected to the redundant port on the Cisco WiSM2 through the backplane. It is not necessary to configure the IP address for the redundancy VLAN because the IP address is automatically generated.
The Redundancy Management Interface is displayed on the controller GUI after you enable high availability. You must configure the IP addresses of the Redundancy Management Interface and the management interface in the same subnet. The Redundancy Management Interface checks the health of the active controller through the network infrastructure if the active controller does not respond to keepalive messages on the redundant port. The Redundancy Management Interface provides an additional health check of the network and the active controller and confirms if a switchover should be executed or not. ICMP packets are generated from the Redundancy Management Interface to check the default gateway reachability of controllers in the Active and Standby states. The Redundancy Management Interface is also used to send notifications from the active controller to the standby controller if a failure or manual reset occurs. The standby controller uses the Redundancy Management Interface to communicate to the syslog, NTP server, and TFTP server to upload any configuration.
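The two-path check described above can be sketched as a small model; this is an added example, not Cisco code, and it shows why a silent redundancy port alone should not trigger a takeover when both units share one management IP. The 100 ms and 1 s intervals come from the text; the three-miss threshold, the rule that an isolated standby holds, and all names are assumptions.

```python
from dataclasses import dataclass

KEEPALIVE_MS = 100      # page: keepalive interval on the redundancy port
GATEWAY_PING_MS = 1000  # page: ICMP to the gateway every 1 second
MISS_LIMIT = 3          # assumption: consecutive misses before a check fails


@dataclass
class Tick:
    """One constructed 100 ms observation, as seen by the standby."""
    rp_ok: bool = True        # active answered the keepalive on the redundancy port
    rmi_peer_ok: bool = True  # active answered a probe sent over the RMI
    gateway_ok: bool = True   # standby's own gateway ping (sampled once per second)


def standby_decision(ticks):
    """Return (decision, elapsed_ms) for a standby watching the active."""
    rp_miss = rmi_miss = gw_miss = 0
    now = 0
    for i, t in enumerate(ticks, start=1):
        now = i * KEEPALIVE_MS
        rp_miss = 0 if t.rp_ok else rp_miss + 1
        # The RMI path is consulted only while the redundancy port is silent.
        rmi_miss = rmi_miss + 1 if (not t.rp_ok and not t.rmi_peer_ok) else 0
        if now % GATEWAY_PING_MS == 0:
            gw_miss = 0 if t.gateway_ok else gw_miss + 1
        if gw_miss >= MISS_LIMIT:
            # Assumption: a standby that is itself isolated must not take over.
            return ("hold: standby cannot reach gateway", now)
        if rp_miss >= MISS_LIMIT and rmi_miss >= MISS_LIMIT:
            # Both paths agree that the active is gone.
            return ("switchover", now)
    if rp_miss >= MISS_LIMIT:
        # RP silent but the active still answers over the network.
        return ("hold: active alive, redundancy link suspect", now)
    return ("standby", now)


# Constructed scenarios (not captured from a real controller).
BOX_FAILURE = [Tick()] * 5 + [Tick(rp_ok=False, rmi_peer_ok=False)] * 10
CABLE_PULLED = [Tick()] * 5 + [Tick(rp_ok=False)] * 10
STANDBY_ISOLATED = ([Tick(gateway_ok=False)] * 30
                    + [Tick(rp_ok=False, rmi_peer_ok=False, gateway_ok=False)] * 10)

if __name__ == "__main__":
    for name, s in [("box failure", BOX_FAILURE), ("RP cable pulled", CABLE_PULLED),
                    ("standby isolated", STANDBY_ISOLATED)]:
        print(name, "->", standby_decision(s))
```

In the cable-pulled scenario the model holds rather than switching over, which is the split-brain case the RMI check exists to prevent.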
The redundancy port is used in the following scenarios:
The following video provides more information about High Availability architecture in the WLC:
High Availability configuration using the GUI is explained in detail in the following video:
High Availability configuration using the initial CLI configuration wizard is explained in the video provided below:
Sleeping clients avoid web reauthentication if they wake up within the sleeping client timeout interval post switchover.