01-18-2017 11:52 PM - edited 07-05-2021 06:23 AM
Hello Experts,
could you please help me to understand better insight of HA within Anchor Scenario. i have 4 internal WLC 8540 controllers and 2 wlc's in DMZ.
Internal 4 controllers are working in HA that means i have 2 pair of HA in my Internal LAN ( 2 Wlc in one pair and 2 wlc in other pair ) .
I have other 2 wlc in DMZ which will serve as anchor controller. Now i want to configure those DMZ controller also in HA but the point on which i am confused is:
Suppose my dmz controllers are in HA , but when i am configuring mobility groups , i will configure IP and MAC configs in internal and anchor controller.
when one of the Anchor wlc is down , do u think other anchor will assume its role and will serve guest traffic. i think that would not be possible as in HA they will have same IP but when one is down , IP will still remain the same but MAC address will change and in that case EOIP tunnel would not be successful.
So could you please guide me is this a do-able thing or what is a way around.
Solved! Go to Solution.
02-22-2017 11:25 PM
Hello Waqas,
There is no HA feature for Anchor WLCs like for Foreign WLCs. If you want to have redundancy between your Anchor WLCs, you need to set thjese WLCs in your SSID (On the anchor configuraiton) and put a priority for each WLC.
If the priority is the same, both WLCs will handle the clients. If you set a different priority, the WLC with the lowest one will handle all clients and if this one if going down for some reason, the secondary will handle the clients.
Hope this helps,
-Alexis
02-27-2017 06:33 AM
If a foreign controller fails, client only local to the foreign controller state are preserved. Clients that are anchored are not and it will be a new association that needs to happen.
Stateful switchover is not intended for anchored clients.
-Scott
*** Please rate helpful posts ***
02-22-2017 11:25 PM
Hello Waqas,
There is no HA feature for Anchor WLCs like for Foreign WLCs. If you want to have redundancy between your Anchor WLCs, you need to set thjese WLCs in your SSID (On the anchor configuraiton) and put a priority for each WLC.
If the priority is the same, both WLCs will handle the clients. If you set a different priority, the WLC with the lowest one will handle all clients and if this one if going down for some reason, the secondary will handle the clients.
Hope this helps,
-Alexis
02-25-2017 10:26 PM
Dear Alexis,
Thanks for your reply. Actually I have got the below mentioned reply from Cisco TAC also on this.
"Regarding your query, when you set up SSO failover on the WLC, there is a field to enter the Mobility MAC address.
You can enter the Primary WLC’s MAC Address here, and when the failover occurs, the Secondary will take over retaining the same mobility MAC Address, hence not disrupting the EOIP Tunnel"
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html
So based on this reply is it possible as I have yet not configured this scenario and trying to understand its design perspective.
Thanks,
02-25-2017 11:15 PM
In SSO, you only use the Primary co trollers MAC address. So if you want to setup SSO for your anchors, then you only use the Primary controller MAC address. Now I personally wouldn't setup SSO for the anchors but have two in which I would point the foreign controllers to. I don't know if a failover in SSO would keep the client state since it is being anchored. Something you would just need to test and see.
-Scott
*** Please rate helpful posts ***
02-27-2017 04:17 AM
I tested it and the client has to reconnect because the session is being anchored to another Anchor WLC
AL
02-27-2017 04:32 AM
I currently have 2 WLC's in my airport test lab and awaiting other WLC's to be received and then I will test the same thing as Scott has suggested earlier in his reply.
But I just want to understand from and please correct me if I am wrong and below mentioned are my assumptions based on your reply.
" I assume , HA works fine within 2 WLC's which are working as Anchor WLC in DMZ and when Any HA Pair from Internal Lan is Powered off/shutdown or vice versa in case of WLC powered off in DMZ zone; that time EOIP will be reinitiated and client need to re-authenticate"
If this is correct then I request you guyz to propose an optimal solution. either I keep my DMZ WLC's in HA Pair or separate them as primary/secondary and define priority through my internal Lan controller.
cheers.
Thanks
02-27-2017 06:33 AM
If a foreign controller fails, client only local to the foreign controller state are preserved. Clients that are anchored are not and it will be a new association that needs to happen.
Stateful switchover is not intended for anchored clients.
-Scott
*** Please rate helpful posts ***
03-09-2020 08:29 PM
Hi Scott, is there any documentation on this.. since the anchored client state on foreign controller in run state, it should be retain if one of foreign controller in HA fails. Just trying to understand the logic why guests will have to relogin ?
03-09-2020 09:48 PM
03-29-2018 01:31 AM
Hello Scott, would you then add both anchor WLCs into the Mobility Group ? Would that mean 2s mobility tunnels ?
Thanks,
Chris.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide