
Ask the Expert: High Availability on Wireless Lan Controller (WLC)

ciscomoderator
Community Manager

High Availability on Wireless LAN Controller (WLC) with Madhuri C.

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions of Cisco expert Madhuri C. about the new High Availability (HA) feature (that is, AP SSO) set within the Cisco Unified Wireless Network software release version 7.3. This feature allows the access point (AP) to establish a CAPWAP tunnel with the Active WLC and share a mirror copy of the AP database with the Standby WLC. The APs do not go into the Discovery state when the Active WLC fails and the Standby WLC takes over the network as the Active WLC.

Madhuri C. is a customer support engineer at the Cisco Technical Assistance Center in Bangalore, India. During her four years of experience she has worked on a wide range of Cisco wireless products and technology such as autonomous IOS (aIOS) access points, wireless routers, wireless LAN controllers, wireless VoIP phones, wireless control systems, network control systems, prime infrastructure, and mobility services engines. She has also worked in LAN switching technology.

Remember to use the rating system to let Madhuri know if you have received an adequate response. 

 

Madhuri might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Wireless Mobility sub community discussion forum shortly after the event. This event lasts through March 22, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

More Information : http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml


Hi Geert,

Excellent question. I totally hear you and can understand the confusion.

There is a doc bug filed for this:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCue18843

When you have two WLCs connected by physical cable via the redundant port, it is a total 1:1 failover with AP SSO. Here the secondary WLC need not be configured individually. All config and WLANs will be inherited from the Primary WLC. Also they are in the same datacentre so VLANs are consistent, not an issue.

In 7.4, they allow you to use the HA SKU WLC as a backup WLC outside of the SSO for 90 days then afterwards you will get a message trap stating it has been more than 90 so primary WLC should be made available. In other words it allows you to provide an N:1 back solution so that APs from "N" primary WLCs can fail back to "N+1" standby WLC.

We need to configure the HA-SKU WLCs as a regular backup WLC. It has to be manually configured to support the same SSIDs and Security that you would like your APs and clients to have in an event of failover. The HA SKU cannot take the config from N primary WLCs and cannot sync automatically.

There is no need to directly connect this N+1 WLC with any of the N primary WLCs via direct cable and it can be in a different geographical location with just IP connectivity. This is no different than your traditional AP HA with primary, sec and tertiary defined.

Basically 7.4 N+1 HA SKU is a cheaper solution and it will support APs on failover from multiple WLCs. With traditional AP HA you need license for each box which is comparatively more expensive.


Table 1 has the limit for HA SKU:

http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps10315/qa_c67-714540_ps2706_Products_Q_and_A_Item.html

Regards,

Madhuri

Hi Madhuri,

Thanks for the explanation, I understand now. Just to be sure: in 7.4 the HA-SKU failover is NOT AP SSO but behaving like normal prim/sec/ter failover (so taking longer), but possible from several controllers as opposed to AP SSO only possible in 1:1 failover?

regards,

Geert

Exactly Geert. You have summarized it perfectly!

Regards,

Madhuri

hi good day sorry.

I'm new to this, but it's a start.

I have a question for you. I am working as a network administrator IP phone, the company made a firmware upgrade to CUCM version 8.5, the following versions was that wireless phones are also updated the firmware to function better with CUCM 8.5, but since this happened,

maybe you hear better than previous versions,

but there is a lot of packet loss, the communication is not understood, users complain too much about the wireless phone system.

We could help with any suggestions on how to improve service.

Thanks for your attention

Hi Adrian,

This thread is limited to HA on WLC.

For voice related wireless questions, you can start a discussion here:

https://supportforums.cisco.com/community/netpro/wireless-mobility/wireless-voice-video

We will be glad to help.

Regards,

Madhuri

gnijs
Level 4

Hello Madhuri,

Here I am again with a question:

Can a controller that is configured for AP SSO (back to back) at the same time be used as a HA SKU for other controllers? I guess not, but can you confirm?

regards,

Geert

Hi Geert,

Yeah, as you have rightly suspected, we cannot have the secondary WLC connected directly to the primary to also act as HA SKU for other primary WLCs. This one can only monitor the directly connected primary WLC by sending keepalives via redundant port and check gateway connectivity.

Both the WLCs paired together act like one logical WLC (both WLCs share the same IP) and this IP can be used as primary or secondary to any other AP on a different WLC. However this is traditional AP HA and not fast AP SSO.

Regards,

Madhuri

R2C CCIE/CWNE
Level 1

Hi,

Do you have any measurements of traffic imposed on the redundancy link?

I am going to run a couple of WLC 5508s in HA between two data centers as a platform for roughly 300 APs in FlexConnect.

Thank you.

Hi,

[Image: high-availability-dg-01.gif]

In the data centre (as per the above snapshot) there are 2 WLCs, active and standby, connected by the redundancy port.

This is used to synchronize configuration between controllers in the Active and Standby states.

Below is the traffic that is expected on this link:

- Keepalive messages sent from the standby controller to the active controller every 100 milliseconds (default frequency) to check the health of the active controller. Also notifications are sent in the event of failover.

- Internet Control Message Protocol (ICMP) packets are sent every 1 second from each controller to check reachability to the gateway using the redundant management interface.

- Bulk configuration during boot up and incremental configuration are synched from the Active WLC to the Standby WLC using the Redundant Port.

Rest of the CAPWAP / LAN traffic happens in the normal way and with the active WLC only. A mirror copy of this is sent to standby by active. As standby would be idle and just monitoring the active WLC's health, this traffic is not of much concern and the WLC is good to handle this.

As both WLCs would be adjacent physically, the latency would not be too high. The distance between the connections can go up to 100 meters as per Ethernet cable standards.

I understand that you would have APs over WAN in flex mode and two WLCs in a different location. One thing to consider is WAN link utilization and link latency between WLCs and AP. If this is being taken care of already, then there is nothing in addition that you need to worry about regarding standby WLC / AP SSO.

Regards,

Madhuri

Thank you! My conclusion was confirmed.

Have a great day.

Thomas

Great! You too have a good day, Thomas.

Hi Madhuri,

I have a question regarding the upgrade. We have two 5508s currently running on 7.0.98.0 and we are planning to upgrade them to 7.4.100.0 and configure them as an Active/Standby pair for AP SSO failover.

Do the controllers lose the config when we enable HA? Do we have to disconnect the secondary controller from the network and manually configure it as a standby and attach it back to the network for them to become an active/standby pair?

Siddhartha


Hi Siddhartha,

Once the two WLCs are upgraded to 7.4, you can manually configure one as primary and other as secondary WLC via GUI or CLI commands.

You can always take a backup from both WLCs before HA pairing just in case it is required.

No, config will not be lost when you enable HA on the primary WLC. Once the HA pairing is successful, the standby WLC will automatically pick up config from the primary WLC. Thus you do not need the config of the secondary and there is no way to configure the secondary WLC once the pairing is done.

After pairing, the secondary will be idle and just monitor the primary WLC and gateway reachability. You cannot load balance APs between the two WLCs.

No, Secondary and Primary both are to be connected to each other via redundancy port and both WLCs need to be connected to the switch to check on the gateway reachability and to pass traffic. After the above setup is ready, you need to manually configure and choose one WLC as Primary and the other as Secondary. Enable HA SSO.

Initially both WLCs should have unique IPs in the same subnet. Once the HA SSO mode is enabled, the WLCs will negotiate the roles and share the same IP, which is that of the primary WLC that you choose. Hereafter you can assume this to be one logical WLC.

You can refer to the 8 steps mentioned below for enabling HA SSO:

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#guiconfig

Please refer to the below section regarding licenses:

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#combo2

Since you have 5508, you need to have a minimum of 50 licenses on standby for this conversion.

Let me know if this answers all your questions.

Regards,

Madhuri
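
The pairing sequence described in this reply, in CLI form, as an added example that is not part of the original post or the linked guide. The commands are the AireOS `config redundancy` commands; the addresses are constructed (192.0.2.0/24 documentation range), the redundancy-management addresses are assumed to sit in the same subnet as the management interface, and lines starting with `#` are annotations, not input.

```text
# On the WLC chosen as primary (constructed addresses)
(WLC1) > config interface address redundancy-management 192.0.2.20 peer-redundancy-management 192.0.2.21
(WLC1) > config redundancy unit primary

# On the WLC chosen as secondary (local and peer addresses swapped)
(WLC2) > config interface address redundancy-management 192.0.2.21 peer-redundancy-management 192.0.2.20
(WLC2) > config redundancy unit secondary

# Enable SSO on both units; each controller reboots and the roles are negotiated
(WLC1) > config redundancy mode sso
(WLC2) > config redundancy mode sso

# Once the pair is up, confirm local state, peer state and unit role
(WLC1) > show redundancy summary
```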

That's helpful, thanks for the info.

Siddhartha

brobinb
Level 1

Hi Madhuri,

I have two Flex 7510s configured as an AP SSO HA pair and they work fine. And here is the test I did to verify how the HA behaves:

I disabled the switch ports connected to the primary 75, then the secondary 75 took over control right away (telling this by doing a continuous ping to the primary mgmt IP).

After about 5 minutes, I re-enabled the switch ports that were disabled, and the ping still replied, not quite sure if the primary unit took the control back.

Here is the point: I disabled the switch ports connected to the secondary unit, and re-enabled them after a while. I noticed that the secondary unit rebooted, reason showed as 'Gateway not reachable'.

I don't know if this also applies to the primary unit when I shut down the switch ports and brought them back on. Is this designed to do so or just a bug?

Thanks for your input,

Robin
