cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1128
Views
0
Helpful
19
Replies

Cisco Wireless HA box to box failover

Steven Williams
Level 4
Level 4

I am working on a design for wireless failover and I have an idea in my head and cant really see why it wouldnt work but im asking others.

If I have a WLC HA pair in two different geographically datacenters, Could I still set the IP of HA pair one at DC01 as primary and IP of HA pair one at DC02 as secondary so in the event the box to box failover doesnt work worse case scenario the APs will failover to the secondary HA pair in DC02? Yes I know clients and APs would see disruption but I am planning as last resort. In the interim the box to box failover would work and we could repair the previous active controller before the 90 days is up on the HA-SKU controller. I guess this would be a failover event for complete Datacenter failure or WAN connections broke to remote sites.

19 Replies 19

Scott Fella
Hall of Fame
Hall of Fame

Steve,

You are talking about N+1 and not SSO I'm assuming since your separated via layer 3.  This is a typical deployment and each controller would have interfaces/ip on subnets locally at that site.  Now your AP high availability should be set to define your primary and secondary controllers.

You should not be using SSO as the RP has to be on the same subnet along with all the other interfaces.

-Scott 

*** Please rate helpful posts *** 

-Scott
*** Please rate helpful posts ***

Guess I'm looking at a hybrid then.

AP will be connected to an HA Pair at site one and will have stateful failover to standby controller in a failed scenario. If the site goes down then HA pair site is irrelevant so then failover to the other HA pair at site 2.

Think of SSO like HSRP. Scoot is right you will want to consider N+ redundancy and set the high availability in your APs. 

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

N+1 doesn't solve the issue of client and AP interruption. 

Thats correct there is no SSO client or SSO ap in N+1. You are correct in your understanding. I know of one customer who stretched layer 2 across to the backup DC and their working fine. 

Many environments can suffer a short drop because if the main goes down most times many other things have issues and wireless is lowest they worry about. 

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Ok so basic questions here: 

traditionally you could set primary and secondary IPs of controllers on APs? 

HA pair active/standby sync the configs which means IP addresses will carry to the standby controller.

so why could I not set my APs to that IP as primary and for the secondary IP set it to the IP of another HA pair? Seems simple enough but do the APs go into Simone other mode when HA pairs are configured that prevent them from having a primary and secondary controller IP?

You can but you still have a break in the connection and thus a client ap interruption. 

Now if the 2 controllers that are SSO - if one broke you would not. 

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Right. HA pair 1 would be AP01s primary controller(s). So if the active one failed in the HA pair, then stateful failover would happen and AP01 would never know. That is same site redundancy. Now if the that HA pair fails completely for AP01 because the ingress WAN link to the site with the HA pair failed then I could failover AP01 to HA pair 2 at a completely different site. Now yes in the case of a failover to another physical site separated via layer 3 boundry would cause AP01 to go through capwap again and clients to get new IPs etc etc...wireless wouldn't be completely down due to HA pair at the primary site going down. 

Does that make sense? Kinda why I said N+1 hybrid. N+1 in a sense that an HA pair will be the "backup" pair for the other but SSO cause they are HA pairs.

yea 2 (SSO) pairs .. it would work.  You would likely add the high availability of the 3rd controller as the primary of HA pair #2. 

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

What do you mean?

Each HA pair only has 1 IP address correct? 

So I would enter the IP of the HA pair to the APs primary controller 

and the IP of the second HA pair to secondary controller so tertiary would just be blank

If your design is N+1, then you would want to specify the primary and secondary controller and the tertiary would be blank. If your design is SSO, then you would only use the primary controller IP address and the secondary and tertiary would be left empty.

-Scott 

*** Please rate helpful posts *** 

-Scott
*** Please rate helpful posts ***

But if I have 2 HA pairs then I would use primary and secondary. 

Each HA pair IP would fill both primary and secondary. 

Specify what type of HA you have, N+1, SSO or two pairs of SSO to make N+1?  Better yet, put a drawing together so that we are clear on what you have and are trying to do. Still not clear as HA comes in two forms.

-Scott 

*** Please rate helpful posts *** 

-Scott
*** Please rate helpful posts ***
Review Cisco Networking for a $25 gift card