Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3789
Views
30
Helpful
24
Replies

HA N+1 Setup

jccr
Level 1
Level 1

‎07-11-2020 06:37 AM - edited ‎07-05-2021 12:16 PM

We will be having a deployment that 2 sites have both active and standby WLC.

The APs in site 1 will connect to the WLC in site 1 and the APs in site 2 will connect to the WLC in site 2.

If both the active and standby wlc is down on site 1, the APs will connect to site 2.

 

May we ask how will be the configuration for both wlc? Do we need to replicate the site 1 WLC config to the site 2 WLC? If yes, what configurations must be the same for this setup to work? Thanks in advance! 

Labels:
0 Helpful
24 Replies 24

patoberli
VIP Alumni
VIP Alumni
In response to jccr

‎07-13-2020 08:39 AM

I'd like to add to Scotts points, don't do the failover with a second site.
If, for example, your WAN link gets overloaded, the APs at the other site will loose their connection to the WLC and start to reboot. You would need to add QoS on the WAN for the CAPWAP packets.
You will also have various issues once you decided to do a software upgrade on one site.
Oh and make sure to have a short enough DHCP lease time, so that if a user puts his laptop into standby at site 1 and then drives to site 2 and wakes it up again, so that the client will do a fresh DHCP handshake (if you use the same SSID at both sites). There are some workarounds for that with the Mobility Group, but not all clients behave nicely.
0 Helpful

jccr
Level 1
Level 1
In response to patoberli

‎07-19-2020 05:00 AM

Hi, Scott & patorbeli..

 

The final setup is that we will be having HA SSO on site 1 and HA SSO on site 2. Meaning we have active and standby wlc in site 1... and active and standby wlc on site 2.

 

-The access points in site 1 will be configured as local mode and its primary WLC is in site 1, and secondary is the WLC in site 2

-The access points in site 2 will be configured as local mode and its primary WLC is in site 2, and secondary is the WLC in site 1

 

 

May we ask for the configuration for this to work? Do i need first to configure mobility group?

I also wanted to ask how will be the ip addressing or subnetting if the WLCs in site 1 is down? Do i need to prepare a new subnet for the users when APs in site 1 connect to WLC in site 2 and vice versa?

 

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to jccr

‎07-19-2020 08:45 AM

Like I mentioned before, it’s not a good idea in your design to failover to the other site. However, I think once you test this after you get everything up, you will see how things really work.
So if you are still planning to do this, you would need to have the wlans configured the same, mobility groups configured and the wlans mapping to the same vlan id for consistency. You will have to make sure the subnet one each site is large enough to manage all the devices on that wlan for each site. You can’t map a new subnet when there if a failover.
If site 1 goes down, all AP’s will reboot and have to join site 2. Once the aps join site 2, all traffic will tunnel back to site 2 and be placed on the same subnet as the devices on site 2 using the same wlan.
If and ap at site 1 joins site 2, users whom roam to that ap at site 1 joined to site 2 will be anchored, so you will have anchoring happening. This is what you also want to avoid if possible, so you will have to monitor the controllers to make sure the other sites aps are not joining unless there is a failover.
Make sure you test so that you see how the failover works and the experience the users will see. You will just have to power down both controllers or disconnect both from the network.
-Scott
*** Please rate helpful posts ***
0 Helpful

jccr
Level 1
Level 1
In response to Scott Fella

‎08-06-2020 07:38 AM

Hi, Scott.

 

I hope you are doing good.

 

The setup is already final both site with HA SSO WLC and if 1 site is down, all the aps will failover to the other site and vice versa

 

 

I'm also thinking about the firewall policies for the new subnets. Do we need to also consider this or reachability from APs in site 1 to controller in site 2 is enough?

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to jccr

‎08-06-2020 08:38 AM

I guess it depends on how your traffic flows. If you don’t have any issues when you do failover, then I don’t think any FW rules need to be added or changed. Just make sure you test and understand what the users will see during a failover.
-Scott
*** Please rate helpful posts ***
0 Helpful

Arshad Safrulla
VIP Alumni
VIP Alumni

‎08-12-2020 02:11 AM

Do you have Cisco Prime in your environment, if so Cisco Prime can be configured for configuration sync between devices. This is the CVD for config sync in N+1.

 

If not make sure at the time of the configuration that all the AP's are joined to the controller configure all the AP's assign all the AP group, Flex groups etc. Then replicate the config in the second controller but make sure that the dynamic interfaces are properly configured in the N+1 controller

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful

jccr
Level 1
Level 1
In response to Arshad Safrulla

‎08-12-2020 06:36 AM

Hi, Arshadsaf.

 

 

Unfortunately we dont have Cisco Prime in this implementation

0 Helpful

LukaszC
Level 1
Level 1

‎06-08-2023 12:59 AM - edited ‎06-08-2023 01:01 AM

Hello guys.

Please review&advice if I'm going into correct HA design or making it worst.

Currently we have similar setup in four countries.
Country A:
2xWLC 5520 in SSO
WLC is located in country HQ where are also AP but manage many AP in branches for this country.
SSID1 - Corporate, Flexconnect local switching, each site/floor has own AP group, Flex group
SSID2 - Guests, central switching (capwap data+control)

Country B,C,D - similar setup so 2XWLC+AP in HQ and some branch offices with AP.

MPLS between sites. Centrally located DHCP (but each site has own subnet, Guests are having common) and ISE as Radius. All managed by Cisco DNA + manually on WLC when needed.
There are mobility groups defined and in wireless global config back-up primary controller (country A + B, and second group country C + D)

I did simulate AP lose connection to WLC and AP did fail-over to back-up primary controller but end user couldn't connect, then I notice Cisco DNA didnt copy AP groups and Flex groups.

Did read this and other treads, some Cisco guides but dint found enough details to plan geo-redundancy for access points.
Is it best practice to fail-over AP with Flexconnect or maybe I should remove back-up primary controller and mobility groups?

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to LukaszC

‎06-12-2023 08:52 AM

I would in this case not failover geo-redundant, but just in the same country where the two WLC are located. 

So if Country A has 2 WLC running in SSO, then only failover between those two WLC and don't additionally failover to the WLC in Countries B/C/D. 

0 Helpful

LukaszC
Level 1
Level 1
In response to patoberli

‎06-14-2023 05:08 AM

Thank you for answer.
I decided to remove mobility group (succeed) but cannot remove on WLC > Wireless > Access Points > Global Configuration > High Availability defined "Back-up Primary Controller IP Address(Ipv4/Ipv6)" and "Back-up Primary Controller name".
I'm deleting those, apply change and those are back, why?

5520/8.10.162.0

Preview file
11 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card