cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2732
Views
0
Helpful
34
Replies

controller failover for different controllers

ejlbarcelon
Level 1
Level 1

Hi,

I have 3 existing controller with different model, capacity, version and configurations. I have purchased new controller that supports 100 APs.

Let's say WLC_A has a capacity of 25 APs and caters 20 APs, WLC_B has a capacity of 12 APs and caters 12APs, WLC_C has a capcity of 50 and caters 30APs. the NEW WLC, WLC_NEW has a capacity of 100 and will only have 18 APs registered to it.

What will be the requirement for me to have WLC_A, WLC_B, WLC_C failover to WLC_NEW, given that all OLD WLCs have different version and configurations? We are trying to make this as HA as possible.

1 Accepted Solution

Accepted Solutions

Try  different profile name with same SSID with different security types,

When creating a WLAN with the same SSID, follow these guidelines and requirements:

•You must create a unique profile name for each WLAN.

•When multiple WLANs with the same SSID get assigned to the same AP radio, you must have a unique Layer 2 security policy so that clients can safely select between them.

Thanks

NikhiL

View solution in original post

34 Replies 34

nikhilcherian
Level 5
Level 5

Hi,

For HA to work out all the failover WLC in the same build and same config. If you have some specific conifguration for each AP in the different WLC, you can try with AP-groups

Thanks

NikhiL

Hi Nikhil,

I was also looking for AP group as a solution but the thing is each some location has different SSID and for that i can re-create those SSID on the WLC_NEW. But for example if one SSID from WLC_A is same on WLC_B but has different security how can this be done? I believe AP grouping will associate with same SSID, thus should have same security for each client. as another info for my senario will be as of below:

WLC_A

SSID: TEST_A

Security: WEP

SSID: Guest

Security: none

WLC_B

SSID: TEST_B

Security: WPA_PSK

SSID:Guest

Security:web auth

WLC_C

SSID: TEST_C

Security:WEP

SSID: Guest

Security: WPA_PSK

Guest SSID is common on each WLC but have different security and different VLAN and IP addressing on each site.

[!][!][!][!][!][!][!][!][!][!]

Try  different profile name with same SSID with different security types,

When creating a WLAN with the same SSID, follow these guidelines and requirements:

•You must create a unique profile name for each WLAN.

•When multiple WLANs with the same SSID get assigned to the same AP radio, you must have a unique Layer 2 security policy so that clients can safely select between them.

Thanks

NikhiL

one more thing how about the VLANs

WLC_A

SSID: Guest

Security: none

VLAN: 20 SW_A  

WLC_B

SSID:Guest

Security:web auth

VLAN: 40 SW_B

WLC_NEW

SSID:Guest

Security:WPA_PSK

VLAN: 20 SW_NEW

My question here is for the VLANs where SSID:Guest on WLC_A the VLAN is 20, for WLC_B it is on VLAN 40, what is available for guest network on my new network is just vlan 20 also. If all the APs failover, where do my AP clients associate their VLAN on to? is on their respective switch or on the SW_NEW where my new controller is attached? does switching happens on the local Switches where the APs are connected? this is because SW_NEW does not have VLAN 40 and since WLC_A and WLC_NEW's Guest SSID is both on VLAN 20.

If you are AP failover, clients will get IP address from the respective WLAN interface  in the new WLC it joins.

Are you having same vlan with different IP address, say vlan 40 in wlc_A with one ip range , and vlan 40 in wlc_new with another ip range

Thanks

NikhiL

yes i have same VLAN 40 but different IP range and different part of network which traverse through WAN.

And just for verification i need to have same version of OS on all my WLC right?

yes you should or else your AP's will have to downgrade or upgrade depending on which wlc it connects to.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Hi Scott,

thanks for the verification, how about for the VLAN question?

It's fine... If an AP moves to a different WLC (failover for example) the users will obtain a new ip address from the location the WLC resides.

Users will not keep their ip address.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Hi Scott,

so if for example wlc_A has vlan_10 with ip address of 10.10.10.0 /24

then when it transfer to wlc_B with vlan_10 of 20.20.20.0 /24, client will get ip address of 20.20.20.X?

Yes you are right.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Let me try to explain this a little better.  If you have the following like you posted earlier and all these WLC's are located in the same building and you mobility between the two.  When a user roams from one WLC to another, it will break and the user will have a hard time accessing the SSID.  This is because you changed the security method.  You can't apply multiple security profiles on a client.

WLC_A

SSID: Guest

Security: none

VLAN: 20 SW_A

WLC_B

SSID:Guest

Security:web auth

VLAN: 40 SW_B

WLC_NEW

SSID:Guest

Security:WPA_PSK

VLAN: 20 SW_NEW


What you need to do is define your wireless requirements (SSID & Security method)  You want to have the same SSID have the same security method and preferably have the dynamic interfaces on the same subnet if your L2 to the access.

This is how you should have guest as an example.  All the WLC should be in the same mobility group!

WLC_A

SSID: Guest

Security: WebAuth

VLAN: 20 SW_A

10.20.10.20/24

WLC_B

SSID:Guest

Security:WebAuth

VLAN: 20 SW_B

10.20.10.21

WLC_NEW

SSID:Guest

Security:WebAuth

VLAN: 20 SW_NEW

10.20.10.22

This setup will allow users to roam from one WLC to another seamlessly.

-Scott
*** Please rate helpful posts ***

Hi Scott / Nikhil,

You are mostly correct but the problem is this setup is already established. and since site_A has same VLAN 20 but different IP (10.10.10.X) from site_NEW which has VLAN 20 (20.20.20.X) this has been the real chalenge. Nikhil was correct too, i can create multiple profile so if client has different configuration for security and have similar SSID then they can still connect with this SSID. but if they were same security and same SSID but different VLAN ip range that will be my problem.

Another problem will be is if the WLC failover and have different IP, most probably the routing of this traffic will pass thru the Gateway of the new site.

Is there a way that even if the WLC fails they will still use the local LAN in which the APs were connected?

Maybe you should look at H-REAP. Using H-REAP will dump traffic local to that site and this your dhcp is local and users will keep their ip address.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
Review Cisco Networking for a $25 gift card