cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
62859
Views
83
Helpful
48
Replies

Ask the Expert: High Availability on Wireless Lan Controller (WLC)

ciscomoderator
Community Manager
Community Manager

High Availability on Wireless Lan Controller (WLC) with Madhuri C.- Read the bioWith Madhuri C.

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions of Cisco expert Madhuri C.about the new High Availability (HA) feature (that is, AP SSO) set within the Cisco Unified Wireless Network software release version 7.3 This feature allows the access point (AP) to establish a CAPWAP tunnel with the Active WLC and share a mirror copy of the AP database with the Standby WLC. The APs do not go into the Discovery state when the Active WLC fails and the Standby WLC takes over the network as the Active WLC.

Madhuri C. is a customer support engineer at the Cisco Technical Assistance Center in Bangalore, India. During her four years of experience she has worked on a wide range of Cisco wireless products and technology such as autonomous IOS (aIOS) access points, wireless routers, wireless LAN controllers, wireless VoIP phones, wireless control systems, network control systems, prime infrastructure, and mobility services engines. She has also worked in LAN switching technology.

Remember to use the rating system to let Madhuri know if you have received an adequate response. 

 

Madhuri might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Wireless Mobility sub community discussion forum shortly after the event. This event lasts through March,22 2013. Visit this forum often to view responses to your questions and the questions of other community members. 

More Information : http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml

48 Replies 48

huangedmc
Level 3
Level 3

hi Madhuri:

The examples in the document show the management IP's used on primary & standby are 9.6.61.2 & 9.6.61.3:

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml

Is it correct that in this case, 9.6.61.2 will always be used as the active management IP, even after a switchover?

Meaning the previous standby would have 9.6.61.2 after switchover?

If that's the case, is it the same for all the interfaces, including the redundancy interface?

===

Also, if we have the ability to extend a VLAN between two datacenters, what's to stop us from deploying WLC HA in two different locations?

Would that be a valid design / deployment?

thanks,

Kevin

Hi Kevin,

Great question..

Yes, 9.6.61.2 (Primary WLC IP)  will be the active managment IP as soon as the HA Pairing is up. Meaning, initially before SSO is enabled, both WLCs would have unique managment IP address in same subnet which would be 9.6.61.2 on WLC1 and 9.6.61.3 on WLC2 as per config example. After HA SSO is configured and HA pairing is up, one WLC will come up as active, other WLC will come up as standby hot and both WLCs would have the same management IP 9.6.61.2.

This would remain consistent even after switchover. That is previous standby or currnet active would have

9.6.61.2 as the managment IP which is the previous active WLC IP address.

Redundancy interface would still have unique IP address on both WLCs before and after enabling HA SSO. Considering the same example, 9.6.61.21 would still be the redundancy management ip on WLC1 and 9.6.61.23 would be the redundancy ip on WLC2. This interface is used to check connectivity to network and to the peer thus would remain unique always.

Regarding WLCs in different location :  It is required for us to have direct physical connectivity between the two WLCs via the redundancy port and also they should have management IP in same subnet. The distance between the two WLCs can got upto 100 metres as per the cabling standard.

If the distance between the two locations is higher than this and if cabling is not possible between two WLCs then you can consider old AP failover feature.

Link :

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml

As per this old feature all you would need is IP connectivity between two WLCs, APs. However this triggers new AP discovery and thus the delay.

Regards,

Madhuri

Hi there,

the linked document states:

"In order to achieve HA, WiSM-2 WLCs should only be deployed in a single chassis or deployed between multiple Catalyst 6500 chassis using VSS."

So two 6500 in standalone mode (but with high bandwidth-connection between them) wont work? Should work? Could work? The only difference is that it is a 802.1q trunk instead of an VSL...

Because that info is new to me, and VSS is not an option at the moment.

Hi,

Unfortunately two standalone devices in different chassis would not work as these would not act as single logical switch.

This setup is not recommended and tested  as of now.

Wireless Business Unit would be tracking this in future releases. But current release only supports Single chassis or Multiple Chassis with VSL Link/VSS setup.

Regards,

Madhuri

Hi,

that is pretty bad, because I just ordered based on that document:

http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps10315/qa_c67-714540_ps2706_Products_Q_and_A_Item.html

(WLC HA Q&A) which states:

"The two WiSM2 blades could be placed within the same chassis or across two chassis. The latency of the link connecting the two chassis needs to be less than 80 ms."

what would have been no problem. On the other hand, VSS or both in one chassis (only 1 slot to spare) is. Since the second one was ordered as HA-Version, it is now pretty much worthless.

Hi,

I understand your concern

I just raised a documentation bug to add the Q & A doc with complete info on VSS support for multiple chassis.

Bud ID: CSCuf16936 . It will be made availble in bug toolkit after few days.

For now, with Non-VSS, I guess only option would be to look for a free slot in chassis 1 or move any existing module if possible from chassis 1 to chassis 2 to make room for standby wism2 in first chassis.

Going forward, enabling VSS would be better. Reason being, with VSS it will not only take care of WISM module failure but also we get Chassis, Supervisor failover. Without VSS, in single chassis we would only have WISM redundancy.

Regards,

Madhuri

cerisier
Level 1
Level 1

Hi,

I would like to know what's going to happen in the scenario below please :

We have 1 WLC-5508 under version 7.0 used to manage remote flexconnect AP and backup several remote WLC-2112 also under 7.0.

We plan to deploy a second 5508 in the same location as the first one to backup it.

As we cannot upgrade 2112 beyond 7.0 can we use the two 5508 in 7.3 (or 7.4) in order to use AP-SSO as secondary and tertiary controller ?

What will happen if one 2112 fail ? Does the APs will download the 7.3 image ? will they download again 7.0 image when the 2112 come back up ?

I hope my explanation is clear enough

Thank you for your answer,

Regards,

Hi,

I understand that you have one 5508 WLC managing flex mode APs across WAN link and you have several 2100 series WLCs in remote locations which will kick in if 5508 in central location fails. I'm assuming every remote location has one 2100 series WLC as backup in each location. Please feel free to correct if my understanding is wrong here.

As you have planned to deploy a second 5508, best design would be to have two 5508 WLCs upgraded to 7.3 or later in central location. These two WLCs will act like one WLC in HA pair. That is if first 5508 WLC fail then second 5508 WLC will become active. These two together will be primary WLC for APs. You cannot load balance between the 2 5508 WLCs. Second 5508 WLC will just be idle and monitor the health of first 5508 WLC.

Further, if both 5508 WLCs fail(box or network failure), then you could have remote two 2100 series as secondary and tertiary.

If both 5508 WLCs fail, then APs download 7.0 and rejoin 7.3 if  any of the 5508 WLCs is back up.

5508 WLCs have better processing speeds compared to 2100 series thus it is good to make 5508 as primary.

Please refer to :

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#legacy

The above section is similar to your scenario.

Let me know if this answers your question.

Regards,

Madhuri

          Hi Madhuri,

     Thanks for your reply, we have a 5508 managing remote flexconnect on some sites et somme other sites where we have 2100 managing local AP. the idea is that when a 2100 fail (there is only one per site) the local AP backup on the 5508, that works fine.

     We plan to deploy a 2nd 5508 at central site to backup the first one as the Wifi infrastructure is now becoming critical. Ideally we would like to take advantage of the new HA backup mode but cannot upgrade 2100 in 7.3. So the main question was : will the AP dowload the 7.3 when backing up on the 5508 and will they downgrade to 7.0 when they get back on the 2100. You sharply answered it and I thank you for that :-)

Best Regards,

Pascal

Mats Nilson
Level 1
Level 1

Hi.

I have a similar question regarding hooking up a  secondary HA WLC 5508 running 7.3 whiilst the active/primary unit is  running 7.0 code.

First - will the secondary unit try to become primary when unable to syncronise with primary?

Second - will the secondary disrupt the primary if the RP port is connected to the otherwise HA-unavare wlc-5508?

Third - what state will the secondary wlc when negotiation fails?

The  issue is that we will have to stay on 7.0 release until other  dependancies is met, but in the same time install the new HA controllers  in advance. Should the portchannel interface to the secondary be  shutdown to prevent disturbing the active WLC running 7.0 for safe  measures?

Sincere regards

Mats

Thanks Pascal. Glad to hear that all your queries are addressed

Hi Mats,

Great question.

It is required to have primary and secondary in HA pair to be in same version and HA SSO feature on WLC is supported only in 7.3 and later.

Answers :

First : When you have both WLCs upgraded to same 7.3 or later codes then yes, secondary will become active if primary fails.

Second : If both WLCs are on different codes it is not possible to have HA pairing between the two so you won't be able to connect redundancy port between 7.3 wlc and 7.0 HA unaware WLC.

It both WLCs support HA and are on on 7.3 then the matrix below explains on what conditions secondary take over : http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#simulate

(Refer to section : These matrixes provide a clear picture of what condition the WLC Switchover will trigger)

Third :Secondary WLC will ping the default gateway and also primary WLC. If primary WLC has failed completely and if it is only secondary WLC that has connectivity to network then secondary will become active. Switchover happens in this case. If both WLCs have failed to reach gateway then switchover does not happen. Standby will reboot and check for gateway reachability. Will go in to maintenance mode if still not reachable.

If you have three WLCs, then you can upgrade two WLCs to 7.3 and enable HA pairing between the two. If you have two WLCs only as of now and one has to remain in 7.0 then only option would be to use older AP HA feature.

Link : http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml

Once all conditions are met and WLCs are upgraded, you can then enable HA SSO on both WLCs.

To check on dependency with NCS, MSE, WCS , AP support and WLC upgrade you can refer to :

http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html

Let me know if this answers your question.

Regards,

Madhuri

gnijs
Level 4
Level 4

I have a small question:

Can one HA WISM2 be backup of 2 (or more) primary WISM2 in the same chassis ?

regards,

Geert

gnijs
Level 4
Level 4

Hi,

As long as both controllers need to be directly back-to-back connected, the HA feature is pretty much useless for me. I want to make use of the cheaper licensing in HA mode, but of course, don't want to put my HA controller in the same physical location as my primary. Now i am forced to the 'classical' failover (prim/sec/ter) which also works, but is much more expensive because of the licensing. NOTE: I have L2 extended VLANs between primary and backup location.

Can you explain this requirement in more detail (do you maybe use jumboframes or non-compliant frames for sync ?), because some documentation is not very clear on this.

For example, see also:

http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps10315/qa_c67-714540_ps2706_Products_Q_and_A_Item.html

What new capabilities are introduced starting with Release 7.4 in high-availability licensing?

Starting with Release 7.4, the -HA SKU can now be used in N+1 mode.

Take a look at Figure 4.

Two 5508 are backed up by a single 5508-HA ?

How is this possible if they need to be back-to-back connected and each 5508 has only one HA port ?

Is this requirement maybe removed in 7.4 code ?

regards,

Geert

Review Cisco Networking for a $25 gift card