Solved: Re: 9800 deployment in multiple sites

ppnlr · ‎07-21-2024

In deploying 9800 to multiple sites (3 or more) is there an option to deploy in HA setup? I saw SSO but it only requires 2 devices.

or is there a way to configure the 9800 in 3 standalone setup but users can seamlessly connect to wireless as if registering to one?

marce1000 · ‎07-21-2024

- HA SSO targets local failover and can consist of a pair only , indeed. For multiple controllers (or sites) you can use N+1 high availability where the APs need to fallback manually to another controller if needed ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

balaji.bandi · ‎07-21-2024

How is these sites connected ? do you have Layer 2 extention, then its easy, if not you have only option N+1

again depends on deployment type Local switching or Central switching, so consider high bandwidth depends on clients base and deployment size.

You can look n+1 controller option here :

https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/9800/17-1/deployment-guide/c9800-ha-sso-deployment-guide-rel-17-1.pdf

Note : do the testing failover times when you deploying N+1 (as per my experience when i we are testing, had 2min failover from one WLC to WLC) - may be latest code may have fixed now)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Rich R · ‎07-22-2024

HA-SSO should generally only be used for a pair of co-located WLCs.
The WLCs require high bandwidth and low latency connections for SSO redundancy so it is generally not recommended between sites unless the sites are close enough with high bandwidth layer 2 connections to satisfy the SSO requirement.

Also remember that in SSO only 1 WLC is active so the APs in the standby site would have to use a remote site which was active. That also would not work well for 3 sites but you could have Site A + Site B (HA-SSO which looks like a single controller to the APs) + Site C (N+1 HA operating as secondary WLC for the APs). I do not recommend this arrangement.

For 3 remote sites I'd say it's best to work with them as N+1. The APs at each site have the local WLC as primary with the other 2 WLCs as secondary and tertiary (configure on AP HA tab). You will need to make sure all WLCs have the config for all the APs kept in sync and ensure that the APs have the required connectivity to reach all the WLCs and the connectivity for the WLANs if they are centrally switched. You'll also want to configure mobility between the WLCs too.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

View solution in original post

marce1000 · ‎07-21-2024

- HA SSO targets local failover and can consist of a pair only , indeed. For multiple controllers (or sites) you can use N+1 high availability where the APs need to fallback manually to another controller if needed ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

ppnlr · ‎07-22-2024

in n + 1 for example 3 controllers, 2 wlc is active and the other 1 is in standby?

marce1000 · ‎07-22-2024

>...in n + 1 for example 3 controllers, 2 wlc is active and the other 1 is in standby?
No , in n+1 all controllers 'are available' ; in the AP configuration (high availability part) a number of controllers is
specified , (primary - secondary,..._) to choose from in the specified order ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

balaji.bandi · ‎07-21-2024

How is these sites connected ? do you have Layer 2 extention, then its easy, if not you have only option N+1

again depends on deployment type Local switching or Central switching, so consider high bandwidth depends on clients base and deployment size.

You can look n+1 controller option here :

https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/9800/17-1/deployment-guide/c9800-ha-sso-deployment-guide-rel-17-1.pdf

Note : do the testing failover times when you deploying N+1 (as per my experience when i we are testing, had 2min failover from one WLC to WLC) - may be latest code may have fixed now)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ppnlr · ‎07-21-2024

if there is a L2 connectivity, is there other option aside from n + 1?

marce1000 · ‎07-22-2024

>...if there is a L2 connectivity, is there other option aside from n + 1?
- You can only choose between HA-SSO ('strong high availability' - used on the local intranet )
or n+1 for high availability scenario's ; usually you won't have L2 only
between remote sites. (Note that a local HA-SSO pair can be part of an n+1 scenario for high availability between controllers and
sites)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Rich R · ‎07-22-2024

HA-SSO should generally only be used for a pair of co-located WLCs.
The WLCs require high bandwidth and low latency connections for SSO redundancy so it is generally not recommended between sites unless the sites are close enough with high bandwidth layer 2 connections to satisfy the SSO requirement.

Also remember that in SSO only 1 WLC is active so the APs in the standby site would have to use a remote site which was active. That also would not work well for 3 sites but you could have Site A + Site B (HA-SSO which looks like a single controller to the APs) + Site C (N+1 HA operating as secondary WLC for the APs). I do not recommend this arrangement.

For 3 remote sites I'd say it's best to work with them as N+1. The APs at each site have the local WLC as primary with the other 2 WLCs as secondary and tertiary (configure on AP HA tab). You will need to make sure all WLCs have the config for all the APs kept in sync and ensure that the APs have the required connectivity to reach all the WLCs and the connectivity for the WLANs if they are centrally switched. You'll also want to configure mobility between the WLCs too.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390