11-08-2011 09:52 PM - edited 07-03-2021 09:03 PM
Hi,
I have 3 existing controllers with different models, capacities, versions and configurations. I have purchased a new controller that supports 100 APs.
Let's say WLC_A has a capacity of 25 APs and caters 20 APs, WLC_B has a capacity of 12 APs and caters 12 APs, WLC_C has a capacity of 50 and caters 30 APs. The new WLC, WLC_NEW, has a capacity of 100 and will only have 18 APs registered to it.
What will be the requirement for me to have WLC_A, WLC_B, WLC_C fail over to WLC_NEW, given that all the old WLCs have different versions and configurations? We are trying to make this as HA as possible.
11-08-2011 10:03 PM
Hi,
For HA to work out, all the failover WLCs should be on the same build and same config. If you have some specific configuration for each AP on the different WLCs, you can try AP groups.
Thanks
NikhiL
11-08-2011 10:21 PM
Hi Nikhil,
I was also looking at AP groups as a solution, but the thing is some locations have different SSIDs, and for that I can re-create those SSIDs on WLC_NEW. But, for example, if one SSID from WLC_A is the same on WLC_B but has different security, how can this be done? I believe AP grouping will associate with the same SSID, and thus should have the same security for each client. As further info, my scenario is as below:
WLC_A
SSID: TEST_A
Security: WEP
SSID: Guest
Security: none
WLC_B
SSID: TEST_B
Security: WPA_PSK
SSID:Guest
Security:web auth
WLC_C
SSID: TEST_C
Security:WEP
SSID: Guest
Security: WPA_PSK
The Guest SSID is common on each WLC but has different security and different VLAN and IP addressing at each site.
11-08-2011 10:28 PM
Try a different profile name with the same SSID with different security types.
When creating a WLAN with the same SSID, follow these guidelines and requirements:
• You must create a unique profile name for each WLAN.
• When multiple WLANs with the same SSID get assigned to the same AP radio, you must have a unique Layer 2 security policy so that clients can safely select between them.
Thanks
NikhiL
11-08-2011 10:45 PM
One more thing: how about the VLANs?
WLC_A
SSID: Guest
Security: none
VLAN: 20 SW_A
WLC_B
SSID:Guest
Security:web auth
VLAN: 40 SW_B
WLC_NEW
SSID:Guest
Security:WPA_PSK
VLAN: 20 SW_NEW
My question here is about the VLANs. For SSID Guest on WLC_A the VLAN is 20, and for WLC_B it is VLAN 40; what is available for the guest network on my new network is just VLAN 20 also. If all the APs fail over, where do my AP clients associate their VLAN to? Is it on their respective switch or on SW_NEW, where my new controller is attached? Does switching happen on the local switches where the APs are connected? This is because SW_NEW does not have VLAN 40, and the Guest SSID on WLC_A and WLC_NEW is on VLAN 20 for both.
11-09-2011 05:10 AM
If an AP fails over, clients will get an IP address from the respective WLAN interface on the new WLC it joins.
Do you have the same VLAN with different IP addresses, say VLAN 40 on WLC_A with one IP range and VLAN 40 on WLC_NEW with another IP range?
Thanks
NikhiL
11-09-2011 06:55 PM
Yes, I have the same VLAN 40 but a different IP range, in a different part of the network which traverses the WAN.
And just for verification, I need to have the same version of OS on all my WLCs, right?
11-09-2011 07:06 PM
Yes, you should, or else your APs will have to downgrade or upgrade depending on which WLC they connect to.
Sent from Cisco Technical Support iPhone App
11-09-2011 07:23 PM
Hi Scott,
Thanks for the verification. How about the VLAN question?
11-09-2011 07:36 PM
It's fine... If an AP moves to a different WLC (failover, for example), the users will obtain a new IP address from the location where the WLC resides.
Users will not keep their IP address.
Sent from Cisco Technical Support iPhone App
11-11-2011 01:43 AM
Hi Scott,
So if, for example, WLC_A has vlan_10 with an IP address of 10.10.10.0/24,
then when it transfers to WLC_B with vlan_10 of 20.20.20.0/24, the client will get an IP address of 20.20.20.X?
11-11-2011 04:11 AM
Yes, you are right.
Sent from Cisco Technical Support iPhone App
11-11-2011 05:44 AM
Let me try to explain this a little better. Say you have the following, like you posted earlier, and all these WLCs are located in the same building and you have mobility between them. When a user roams from one WLC to another, it will break and the user will have a hard time accessing the SSID. This is because you changed the security method. You can't apply multiple security profiles on a client.
WLC_A
SSID: Guest
Security: none
VLAN: 20 SW_A
WLC_B
SSID:Guest
Security:web auth
VLAN: 40 SW_B
WLC_NEW
SSID:Guest
Security:WPA_PSK
VLAN: 20 SW_NEW
What you need to do is define your wireless requirements (SSID and security method). You want the same SSID to have the same security method, and preferably to have the dynamic interfaces on the same subnet if you're L2 to the access.
This is how you should have Guest, as an example. All the WLCs should be in the same mobility group!
WLC_A
SSID: Guest
Security: WebAuth
VLAN: 20 SW_A
10.20.10.20/24
WLC_B
SSID:Guest
Security:WebAuth
VLAN: 20 SW_B
10.20.10.21
WLC_NEW
SSID:Guest
Security:WebAuth
VLAN: 20 SW_NEW
10.20.10.22
This setup will allow users to roam from one WLC to another seamlessly.
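A pre-failover consistency check for the points raised in this thread (matching software version, same security method per SSID, and whether clients change subnet), as an added example that is not part of any post. The inventory layout and function name are hypothetical; the software versions and WLC_B's subnet are constructed placeholders, while the Guest values follow what was posted.

```python
# Each WLAN is (ssid, security, client_subnet). Constructed sample data:
# versions "A"/"B" and 192.0.2.0/24 are placeholders, not values from the thread.
AS_POSTED = {
    "WLC_A":   {"version": "A", "wlans": [("Guest", "none", "10.10.10.0/24")]},
    "WLC_B":   {"version": "B", "wlans": [("Guest", "web-auth", "192.0.2.0/24")]},
    "WLC_NEW": {"version": "B", "wlans": [("Guest", "wpa-psk", "20.20.20.0/24")]},
}

# The aligned layout suggested above: same SSID, same security, same subnet.
ALIGNED = {
    name: {"version": "B", "wlans": [("Guest", "web-auth", "10.20.10.0/24")]}
    for name in ("WLC_A", "WLC_B", "WLC_NEW")
}


def audit_failover(inventory, target):
    """Return (controller, issue, detail) for each problem an AP and its
    clients would hit when failing over from a controller to `target`."""
    findings = []
    tgt = inventory[target]
    for name, wlc in sorted(inventory.items()):
        if name == target:
            continue
        # Different software: the AP must upgrade or downgrade on join.
        if wlc["version"] != tgt["version"]:
            detail = f"{wlc['version']} != {tgt['version']}"
            findings.append((name, "version-mismatch", detail))
        for ssid, security, subnet in wlc["wlans"]:
            same_ssid = [w for w in tgt["wlans"] if w[0] == ssid]
            same_sec = [w for w in same_ssid if w[1] == security]
            if not same_ssid:
                # Clients lose the SSID entirely after failover.
                findings.append((name, "ssid-missing", ssid))
            elif not same_sec:
                # Same name, different security: clients fail to connect.
                findings.append((name, "security-mismatch", ssid))
            elif not any(w[2] == subnet for w in same_sec):
                # Clients connect but are readdressed from the target's subnet.
                findings.append((name, "subnet-change", ssid))
    return findings


if __name__ == "__main__":
    for finding in audit_failover(AS_POSTED, "WLC_NEW"):
        print(finding)
```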
11-13-2011 06:13 PM
Hi Scott / Nikhil,
You are mostly correct, but the problem is this setup is already established. And since site_A has the same VLAN 20 but a different IP range (10.10.10.X) from site_NEW, which has VLAN 20 (20.20.20.X), this has been the real challenge. Nikhil was correct too: I can create multiple profiles, so if clients have a different configuration for security and a similar SSID then they can still connect with this SSID. But if they have the same security and same SSID but a different VLAN IP range, that will be my problem.
Another problem will be that if the WLC fails over and has a different IP, most probably the routing of this traffic will pass through the gateway of the new site.
Is there a way that, even if the WLC fails, they will still use the local LAN to which the APs are connected?
11-13-2011 07:22 PM
Maybe you should look at H-REAP. Using H-REAP will dump traffic local to that site, and thus your DHCP is local and users will keep their IP address.
Sent from my iPhone