02-23-2012 09:57 AM - edited 07-03-2021 09:38 PM
Looking to design for redundancy and mobility. My initial plan was to use LAG on both, but I am confused on the setup because typically all interfaces on these two switches are set up with HSRP. Does anybody have a matching configuration example they can share? Also looking to map multiple VLANs to one SSID and using AD groups. Additional info is that this is for a large campus with multiple distribution areas, but looking to just have consolidated WLC infrastructure at one location. Multiple GIG connections exist to all distribution points. Last note: the plan is to just use two of the 8 ports on each 5508.
All the guides aren't quite bringing together for me the best practice for this setup.
Thanks,
Andrew
02-23-2012 10:02 AM
Are you going to run the AP in local mode? If you are and your network is as large as it sounds, 2G probably won't be enough to handle the client traffic.
HSRP is for the routing of the packets, not for the L2 connectivity to the WLC.
So if you have two 6509 you would connect WLCA to 6509A and WLCB to 6509B. With LAG, you can't split the ports, they all have to go to the same switch. So you would build your etherchannel on the 6509, and connect the WLC ports to those ports. I would start with at least 4, and add more if the traffic requires it.
Other than that, there's not a whole lot to the redundancy of the WLC from the LAN connectivity standpoint. Assuming your 6509 are mirrored from the config perspective.
Steve
02-23-2012 10:04 AM
Well what you want to do is put one WLC on one switch and the other WLC on the other switch. You will not be able to split the connection to both switches unless you are running VSS. So I would still LAG the two WLC ports, but again.. one would connect to one switch and the other WLC connect to the other switch. You are also able to map one SSID to multiple VLANs, but only one VLAN per AP for that SSID. You can use interface groups, with which you can bundle a bunch of subnets together, and they will place users in the VLAN round robin style. I think with 7.2 you can adjust that. Even when using AP groups, you can define either one VLAN or specify the interface group you create.
Some examples:
SSID#1 --> Interface vlan 10 --> AP's 1-20
SSID#1 --> Interface vlan 20 --> AP's 21-40
SSID#1 --> Interface group (vlan 30-50) --> AP's 40-60
02-23-2012 11:32 AM
Scott,
So I am confused on how to best design the system for redundancy. I understand the LAG interfaces can't be split off of switches not running HSRP. We are not running VSS on these switches though we do at our access point distribution areas. I want to try to make the wireless convergence and redundancy as close to the wired as possible. Right now our wireless user base is pretty low, so that is why we were thinking of only using 2 ports. But even though the current use is low, we are moving to wireless everywhere.
So if one user is on WLC1 on Switch 1 and it fails, then the AP switches over to WLC2 on, let's say, switch two. What I am trying to understand is: the layer three for the user subnet lives on the 6500, right? Can that layer three default gateway be split across the switches with HSRP so that when WLC1 fails and that user is now on WLC2 they can still operate on the same VLAN? The redundancy and mobility is what I am struggling with.
Thanks,
Andrew
02-23-2012 11:43 AM
Well you must understand that if WLC1 fails, then there will be a temporary loss of service until the APs on WLC1 fail over to WLC2. This is for local mode APs, and this means that all traffic will be tunneled back to the WLCs and the layer 3 subnet needs to reside on the 6500s. If you have remote sites where you want APs and maybe don't have over 50, you can set up the APs in H-REAP mode (FlexConnect), and the subnet the users get placed on is the local subnet at the remote site. So in this scenario, if WLC1 goes down, and remote site 1 has APs on WLC1, the APs stay up and traffic still flows normally. You have two options in H-REAP mode: centrally switched, which means tunnel traffic back to the WLC, or locally switched, where traffic is switched locally at that site. When APs are in local mode, the hard failure of the WLC will always disrupt the client devices just for a little (minute or less) until the APs move to the other WLC. When WLC1 comes back online, the APs will move back with little to no disruption.
You will configure mobility between the two WLCs so that each WLC will know of clients that might roam to an AP on the other WLC. This also is required for the APs to know about the other WLC.
02-23-2012 12:31 PM
Thanks for your help guys. I think I am getting it. My plan was to have all the APs in local mode. But I guess in the future we could consider H-REAP mode as well, but our network is essentially just a large campus; everything is at or close to 1 ms response times. We are going to be migrating from the old architecture of the WLSM with GRE tunnels.
02-23-2012 11:46 AM
Yes, you can configure the VLAN for HSRP at layer 3.
It's still IP traffic and follows all the routing rules of your network. Whichever 6509 is the speaker for that HSRP pair will be the one that is used as the GW.
If the speaker fails, the standby will pick up and the clients will continue to pass traffic.
Other than that, Scott covered what will happen if Switch 1 really fails.
Steve
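The design described in the replies above (each WLC's LAG terminating on a single 6509, with the client VLAN gateway shared through HSRP), written out as switch-side IOS configuration. This is an added example, not a configuration posted by anyone in the thread; the interface numbers, VLAN IDs, channel-group numbers and addresses are constructed, and it assumes the client VLANs are also trunked between the two 6509s.

```cisco
! ===== 6509-A (constructed values throughout) =====
! WLC LAG does not negotiate LACP or PAgP, so the bundle is static: mode on.
interface range GigabitEthernet1/1 - 2
 description WLC1 LAG member
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,99
 switchport mode trunk
 channel-group 10 mode on
!
interface Port-channel10
 description WLC1 LAG (all member ports land on this switch only)
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,99
 switchport mode trunk
!
! Client VLAN gateway: 10.10.10.1 is the HSRP virtual IP the clients use.
interface Vlan10
 description Wireless clients
 ip address 10.10.10.2 255.255.255.0
 standby 10 ip 10.10.10.1
 standby 10 priority 110
 standby 10 preempt
!
! ===== 6509-B =====
interface range GigabitEthernet1/1 - 2
 description WLC2 LAG member
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,99
 switchport mode trunk
 channel-group 20 mode on
!
interface Port-channel20
 description WLC2 LAG (all member ports land on this switch only)
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,99
 switchport mode trunk
!
! Same virtual IP, default priority (100): takes over if 6509-A goes down.
interface Vlan10
 description Wireless clients
 ip address 10.10.10.3 255.255.255.0
 standby 10 ip 10.10.10.1
 standby 10 preempt
```

Restricting the trunk to the VLANs the controllers actually use keeps unrelated VLANs off the WLC-facing ports.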