High availability deployment Wireless Lan Controller

HiddenAir
Level 3

Hey guys,

I'm bringing up this topic because we are discussing the best option for a second stack of controllers.

Right now, we have a stack of WLC 9800-40 controllers working fine with around 500 APs registered. This stack is located in "Zone A." However, we want to deploy another stack of 9800-40 controllers in "Zone B," a couple of kilometers away.

The problem is that we want to maintain the same addressing for users. Currently, all the gateways are in the distribution layer of the controller. One option to achieve this is using HSRP, but it is risky and requires a lot of effort to work properly.

The second option is to deploy a separate controller with different addressing and use HA Mobility between both controllers.

In case of failure, all APs would need to rejoin the new controller.

The main goal for both solutions is to minimize downtime as much as possible when switching from one controller to another.

What do you think is the best option? Have you implemented something similar before?

HLD - WLC-hld-wlc.png

8 Replies 8

Scott Fella
Hall of Fame

You really don't want to span your VLANs. It almost seems that you should just keep the two sites with their own controllers and not try to combine them. The only other way is using FlexConnect local switching so that devices obtain DHCP from that local subnet. Keep it simple or else troubleshooting and opening a TAC case will be very difficult.

-Scott
*** Please rate helpful posts ***

That's what I want: keep it simple.

Thanks for your advice!

Leo Laohoo
Hall of Fame

How critical is the WiFi network? 

If it is "that" critical, do not use HA SSO and go with N+1 and reboot the controllers once every 4 to 6 months.

100% @Leo Laohoo 

-Scott

Thanks, @Scott Fella🙂

It's critical, but... we haven't faced any blackout of the WiFi in 15 years, and no site has lost the energy connection... so... I don't think a scenario like that could happen.

N+1 is a good idea.

Thanks Leo for your advice.

Read this:  Cisco Catalyst 9800 Series Configuration Best Practices

Read it well.  There is a "hidden message" in all that. 

Rich R
VIP

This is very similar to the design we use to achieve 99.999% availability.  We have a pair of HA-SSO WLCs in each data centre (opposite sides of the country) and N+1 with mobility configured for the APs between the DCs. We split the client IP range between the 2 so we have 2 contiguous ranges allocated to the 2 DCs.  And each of those IP pools is split between the DHCP servers in each DC so DHCP A can serve WLC B and vice versa.  This means it protects against WLC failure, DC failure (this happened to us once when our power team had a "disaster" during UPS maintenance) and DHCP server failure.  APs are configured with pri/sec WLC (in the AP HA settings) and we set "capwap timers primary-discovery-timeout 600" so APs will take around 10 minutes to switch back to their primary when it recovers (ensuring it's ready to take the load by that time).  They fail over to backup much quicker if the primary fails.  Agree with @Scott Fella to avoid spanning VLANs between DCs - keep them separate and route between them.

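An added sizing sketch for the split-pool design described in the reply above (not code from the thread or from Cisco): it carves a client range into one contiguous block per data centre, gives each DHCP server a scope inside both blocks, and reports how many addresses stay leasable when a DHCP server or a whole data centre fails. The 10.64.0.0/16 range, the names DC-A/DC-B and DHCP-A/DHCP-B, the even halving, and the idea that each DHCP server sits in one data centre are all assumptions.

```python
import ipaddress

# All values are constructed for illustration; none come from the thread.
CLIENT_RANGE = ipaddress.ip_network("10.64.0.0/16")  # assumed client supernet
DATA_CENTRES = ("DC-A", "DC-B")      # each hosts one HA-SSO WLC pair
DHCP_SERVERS = ("DHCP-A", "DHCP-B")  # assumed: one DHCP server per data centre


def build_plan(client_range=CLIENT_RANGE):
    """One contiguous block per DC, then one scope per DHCP server inside
    each block, so both DHCP servers can serve both WLC pairs."""
    plan = {}
    for dc, block in zip(DATA_CENTRES, client_range.subnets(prefixlen_diff=1)):
        scopes = dict(zip(DHCP_SERVERS, block.subnets(prefixlen_diff=1)))
        plan[dc] = {"block": block, "scopes": scopes}
    return plan


def check_no_overlap(plan):
    """True when every DHCP scope is disjoint from every other scope."""
    scopes = [s for entry in plan.values() for s in entry["scopes"].values()]
    return not any(a.overlaps(b)
                   for i, a in enumerate(scopes) for b in scopes[i + 1:])


def surviving_capacity(plan, failed_dhcp=(), failed_dc=()):
    """Addresses still leasable behind each surviving DC's WLC pair.
    A failed DC takes down its WLC pair and its co-located DHCP server;
    its APs then join the other DC and draw from that DC's block."""
    dead_servers = set(failed_dhcp)
    for dc in failed_dc:
        dead_servers.add(DHCP_SERVERS[DATA_CENTRES.index(dc)])
    remaining = {}
    for dc, entry in plan.items():
        if dc in failed_dc:
            continue
        remaining[dc] = sum(scope.num_addresses
                            for server, scope in entry["scopes"].items()
                            if server not in dead_servers)
    return remaining


if __name__ == "__main__":
    plan = build_plan()
    for dc, entry in plan.items():
        print(dc, entry["block"], {k: str(v) for k, v in entry["scopes"].items()})
    print("no overlap:", check_no_overlap(plan))
    print("DHCP-A down:", surviving_capacity(plan, failed_dhcp=["DHCP-A"]))
    print("DC-A down:  ", surviving_capacity(plan, failed_dc=["DC-A"]))
```

Under these assumed sizes, losing a whole data centre leaves a single scope, one quarter of the original range, to serve every client that fails over, so each scope has to be sized for the combined client count.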