Re: AP High Availability: Per AP setting (primary/secondary) vs. global backup WLC

Johannes Luther · ‎01-26-2021

Hi board,

one question regarding the configuration of deterministic AP join on a WLC.

So, you may set the primary/secondary/tertiary WLC per AP:

# IOS-XE config stlye
ap name <AP-NAME> controller primary <WLC-HOSTNAME> [<WLC-IPv4-ADDRESS>]

Another possibility is to set a global backup WLC

# IOS-XE config stlye
ap profile myProfile
 capwap backup primary <WLC-HOSTNAME> <WLC-IPv4-ADDRESS>

The C9800 best practice paper states:

https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html#Generalaccesspointsettings

When configuring access points, always set the primary and secondary controller names and IP addresses to control the AP selection during the CAPWAP join process. [...]

This configuration can also be done globally for a group of APs at the AP profile level. This is more flexible than defining it for all APs, as in AireOS:

First of all, the feature of a "backup WLC" is available in AireOS as well. Secondly, the functionality of defining a primary/secondary WLC on a per AP level is completely different from the global backup WLC definition.

=> If there is no per-AP setting for HA and there is a primary backup WLC, the AP does not fall back to the primary backup.
So there is no way to force an AP to a different WLC if using the global backup configuration.

At least if I don't configure any primary/secondary WLC on the AP and another WLC as the primary backup, the AP does not fall back (or actively join) the backup WLC.

Is this correct?

marce1000 · ‎01-26-2021

- In general you are better of by looking into High Availability SSO Deployments make this issue transparent and making the AP-failover mechanism automatically.

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Johannes Luther · ‎01-26-2021

Hey M.

Thank you for your answer. I have a SSO in combination with an N+1 deployment

So one SSO pair with a dedicated backup WLC.

marce1000 · ‎01-26-2021

- Personally and or since cisco hardware reliability I find it overkill , and as you state perhaps the added complexity may lead to configuration mistakes and or extra tasks taking business-time , I acknowledge that opinions may vary.

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Leo Laohoo · ‎01-26-2021

@Johannes Luther wrote:

=> If there is no per-AP setting for HA and there is a primary backup WLC, the AP does not fall back to the primary backup.

The AP settings (Primary/Secondary Controller) will be followed as a first priority over global settings.

If no per-AP settings is available, global settings is followed.

Johannes Luther · ‎01-26-2021

Hi Leo,
I thought so as well, but the APs don't send a "primary discovery request" towards to the configured backup primary and standby WLCs.
So the backup WLCs may act as backup, but compared to the "primary/secondary/tertiary" configuration, "AP fallback" is not functional for the backup WLCs.

At least this is what I see in my lab.

Johannes Luther · ‎01-26-2021

... and just after I wrote my last answer, I found this note in the config guide:

The primary and secondary settings in the AP join profile are not used for AP fallback. This means that the AP will not actively probe for those controllers (which are a part of the AP join profile), when it has joined one of them.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/new-configuration-model.html

So, there is a functional difference between per AP and global backup WLC configuration...