01-25-2014 07:52 AM - edited 07-05-2021 12:03 AM
Hi
Datasheet is not very helpfull..
I want to now if there is any benefit if i have a local 5508 HA pair at my central site and a 3650 MC Controller in my branch?
Is there any config sync between WLC or Prime with this 3650 in Mobility Agent or Mobility Controller mode?
regards
Chris
01-25-2014 08:40 AM
There is a big difference between Unified and Converged access. Your 5508's in HA is unified and if your looking at the 3650 (Converged) as an MC, you would need to design your environment into a hybrid of using the 5508 as a MC and the 3650 as an MC unless you want to have separate systems. I can't really explain what you can or can't do without really understanding your environment. Have you reached out to your Cisco SE? They should be able to explain what can work in your environment and what can't or else you will need to read the various converged access design guides
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps12686/white_paper_c11-726107.html
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=5930&tclass=popup
http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/Mobility_Architecture.html
Sent from Cisco Technical Support iPhone App
01-25-2014 11:05 AM
Hi Chris,
MC-Mobility Controller & MA-Mobility Agent are two different roles assign to a wireless controller. In legacy systems (5508,WiSM2,2504) both roles reside on the same physical unit.
Typically MA is responsisble for terminate CAPWAP tunnels from AP, maintain client database where as MC is responsible for Roaming, RRM, wIPS, etc.Another important aspect is MC hold the license for AP registration. In legacy system you do not want to worry about both are doing by the same controller/device.
With this new Converged Access deployment model you have the option of seperate these data plane (MA) & control plane (MC) funtionality into two sepearte device. In a large scale deployments, you should have central controller acting as MC (it can be 5508,5760) & all your access layer 3850/3560 will act as MA & terminate all directly connected AP CAPWAP tunnels.
In small/branch deployment, you can use a 3850/3560 to do the MC funtionality as well. In that case it will act as a full WLC (with MC& MA functionality).
In your case, yes you can use 3650 to do the MA/MC at your branch (think of you got a WLC at your branch). If you require guest tunneling/etc, then your 5508 need to be run specific code (7.3.112.0 ,7.5.102.0 or 7.6.100.0) in order to inter-communicate with branch 3650.
As Scott mentioned, it is different architecture, so better you familiar prior to deploy it. Here is another good presentation you should watch.
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=74990&backBtn=true
HTH
Rasika
**** Pls rate all useful responses ****
01-26-2014 03:46 AM
hi
Thank you for your quick responses Scott and Rasika.
My costumer is a pretty small costumer with about 50 Aps in HQ and 1 or 2 AP's in branch office.
He is not the cisco guru so i want to do this simple as possible.
when we have 5508 in HQ and Flexconnect in the branches offices, is there any advantage when i have a 3650 in the branch? Beside the local termination of the CAPWAP?
In my opinion the biggest disadvante is that i have to configure both, my 5508 and my 3650's in my branches..
regards
chris
01-26-2014 04:12 AM
Hi Christian,
Rasika and Scott already explained about 3650 device in well detailed manner.
AS per query:
HQ have 50 AP with 5508 WLC. and remote location have only 2 APs.
This is my personal thought Best solution in your scenario is to keep using flex connect/Hreap instaed of buying 3650.Buying 3650 will be more costly and more complex solution for cutsomer.
Better to go for:
central authentication, local switching—In this state, for the given WLAN, the controller handles all client authentication, and the H REAP access point switches data packets locally. After the client authenticates successfully, the controller sends an CAPWAP control command to the H REAP instructing the access point to switch that given client's data packets locally. This message is sent per client upon successful authentication. This state is applicable only in Connected mode.
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml
HREAP mode config guide:)
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml
this is the simple one.
or
You can use a 5508 WLC at remote ocation and manage by Prime INfra with ISE(Guest and crporate access) from HQ.
Hope this helps.
Regards
Dont forget to rate helpful posts
01-26-2014 06:17 AM
Well, you mentioned this:
He is not the cisco guru so i want to do this simple as possible.
HA alone is going to be tough for a non guru... Keep it simple by just adding to what was designed. Moving to a hybrid or full converged access method will definitely confuse the heck out of your customer.
Keep it Simple is the key here.
Sent from Cisco Technical Support iPhone App
01-26-2014 08:32 AM
Hello Scott
Other question, is there any problem with 5508HA over a switched enviroment?
5508 are in two different Server Rooms?
regards
Chris
01-26-2014 08:37 AM
Can you explain a bit more. With v7.5 I believe, Cisco supported layer 2 connectivity but prior to that, they supported only direct connection. When you say they are in separate locations, does that mean in the same location or separate buildings? You have these 5508's in AP SSO or N+1?
Sent from Cisco Technical Support iPhone App
01-26-2014 08:52 AM
sorry
5508 in HA SSO mode
HA via a layer 2 vlan (not routed) in two sperate buildings connected via 10gig Fiber link on HP(again sorry;-))
It works fine but my costumer think that he loses configparts when failover happens.. maybe not saved..
1 Time in 4 Month a failover happens..
01-26-2014 09:03 AM
That is fine, but are the vlans for the dynamic interfaces also layer 2... both buildings share the same subnets? Thats where the issue might be, in case of a failure, the HA will come up and have the same config as the primary.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
01-26-2014 09:12 AM
okay
yes both buildings share the same vlans, i have to update anyway because we are using a defferd image,
So i update to the latest and geatest 7.6 and hope everthing works fine.
01-26-2014 09:45 AM
v7.4.110.0 of v7.4.121.0 is what we use for HA AP SSO for stability. We only go to v7.5 and or v7.6 if they require features, but stick to v7.4.x if possible. v7.6 has some open issues that have caused use issues in deployments due to the 3700's.
Issues are curren'ty seen witht he 3600's and 3700's
https://supportforums.cisco.com/thread/2233768?tstart=0
these're the respective defects filed for the mentioned issues.
CSCum49200 Mac wireless clients in RUN state sometimes unable to ping gateway
CSCum62305 Traffic stops for iphone/mac OS in 7.6 in 3600/3700
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
01-26-2014 10:43 AM
My costumer is a pretty small costumer with about 50 Aps in HQ and 1 or 2 AP's in branch office.
He is not the cisco guru so i want to do this simple as possible.
when we have 5508 in HQ and Flexconnect in the branches offices, is there any advantage when i have a 3650 in the branch? Beside the local termination of the CAPWAP?
In this situation,it is not worth configuring CA at branch as it makes design over complex. Yes simply configure those two APs in FlexConnect mode & register back to your 5508.
You can choose 3650 as a L3 switch (rather enabling MA/MC functionality) for customer's branch, but no wireless funcinality at all. This gives you an advantage of going to a CA if needed without buying additional hardware sometime in future. As a layer 3 switch itself 3650 has lots of advantages compare to any legacy L3 switch.(Netflow support, UADP ASIC, etc)
Refer this for some features of 3650
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps13133/qa_c67-729531.pdf
HTH
Rasika
**** Pls rate all useful responses ****
01-27-2014 12:28 AM
Hello Guys
Thanks for your help.
Only 1 question remains:
Is HA SSO via layer 2 vlan supportet in 7.4.121?
In my opinion it must be supportet in fact the wism2 makes SSO only via Vlans..
regards
Chris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide