07-15-2024 11:57 AM
07-15-2024 12:00 PM
Two sites, two WLC SSO: I don't think it works; WLC SSO needs an L2 connection.
Best is to configure two WLCs and make the AP select the closer WLC.
MHM
07-15-2024 12:03 PM
>...., so for example in case of any complete shutdown or lack of consumed power in site A, the AP’s will directly..
OK, but will the APs then remain alive too? Will it be reasonable to keep a wireless service running for customers?
Anyway, you can look at N+1 redundancy between HA-SSO pairs on different sites, for instance.
M.
07-15-2024 01:16 PM
I'm afraid my idea wasn't clear enough, I will try to explain with an illustrative image.
So, let's imagine that in Site the controller management IP is 192.168.1.50/24, with it having its own standby controller if it fails.
The other site controller management IP is 1.1.1.50/24, with it having its own standby controller if it fails.
I want, if both the primary and secondary controllers in site A fail, all its APs and WLANs to migrate to the controller in site B until the primary controller in site A reconnects, and vice versa.
07-15-2024 01:35 PM
Hello @mm-501
One possible scenario for you would be the AP from site A to have the WLC cluster management IP address from site B as a secondary WLC in the AP availability tab. The same you can do on the site B using the management IP address from site A.
This way, if one side goes down, the AP will migrate to the other side and this is called HA N + 1.
Keep in mind, however, that during the AP migration there will be client disconnections as the AP will reload.
For WLC 9800 look at "Configuration on Access Points"
07-15-2024 01:42 PM
Meaning, is it impossible to have N+1 and SSO at the same time ??
07-15-2024 01:52 PM
Actually the idea I provided uses both at the same time. The HA SSO will be used between WLC on the same site, this is what you have today.
The N + 1 is done by pointing the high availability tab on the AP to the other site in the Secondary WLC option.
07-16-2024 02:04 AM
07-16-2024 02:21 AM
First of all,
the AP discovers only the IP of the active WLC SSO.
So now we have two IPs:
the IP of the WLC SSO of DC1 and of the WLC SSO of DC2.
You can configure primary and secondary IPs, but the issue is all APs will join the primary, and if it fails then they will use the secondary.
Or we can set some AP limit number to do some load sharing between the two sites, but that does not make sure an AP in DC1 joins the WLC SSO in DC1; it can join the WLC SSO in DC2.
That is my view on this issue.
MHM
07-17-2024 04:40 AM
You need to think about WLCs in HA SSO as one WLC. Once you have joined an AP to a WLC which is part of an HA SSO cluster, from the AP perspective it is like it is joined to one WLC. If one WLC crashes the other takes over, and this is totally transparent to the AP and clients.
Now you want redundancy between data centers. Between data centers you are not going to have HA SSO because you cannot have HA SSO between more than two WLCs. The only way to have redundancy between data centers in this case is using N + 1, which you can achieve by adding the other data center's WLC on the High Availability tab of each access point.
07-16-2024 06:32 AM - edited 07-16-2024 07:06 AM
@mm-501 that's exactly how we run our networks for 99.999% availability of over 23,000 APs and allowing for total DC failure.
HA pair 1 in DC1 (WLC1) + HA pair 2 in DC2 (WLC2)
AP is configured for N+1 redundancy with WLC1 as HA primary and WLC2 as HA secondary or vice versa (we split them across the 2 so we would never lose more than half in case of a DC failure).
- You should configure mobility between the 2 WLCs.
- APs do not reboot when moving between the WLCs (as Flavio suggested) they simply do a CAPWAP restart.
- Obviously you need to maintain the exact same config on both WLCs. Keep the AP groups and WLANs identical - even the same order of WLANs in the AP group as there have been numerous bugs over the years triggered by differences.
- Keep the same code version on both WLCs.
- Since either WLC could have to support all APs you should never fill either beyond 50% capacity or licenses.
APs and clients should not have any disruption in case of a local SSO switchover (in theory but sometimes they might anyway...) and there's a short interruption if you lose one DC and the AP has to move to the other DC. If you use flexconnect local switching and authentication then the clients will not be affected at all because the AP can go to standalone mode without affecting clients. We use "config advanced timers ap-primary-discovery-timeout 600" so generally an AP should switch back to primary WLC within 10 minutes of the WLC coming back online. Configure your DHCP option 43 for both WLCs, in whichever order you want the AP to use them as primary/secondary so it can always find a WLC on bootup.
ps: What WLCs are you using?
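As an added illustration, not part of the original post: the sketch below encodes two controllers into a DHCP option 43 value in the order the AP should try them, and checks the headroom rule that either site must be able to hold every AP. It assumes the Cisco lightweight-AP sub-option layout (type 0xf1, a length byte of 4 per controller, then the IPv4 addresses); the two management IPs are the ones used earlier in this thread, while the AP counts and capacities in the comments are constructed sample values.

```python
import ipaddress


def build_option43(wlc_ips):
    """Return the option 43 value (hex) for an ordered list of WLC management IPs.

    Layout assumed: type 0xf1, length = 4 bytes per controller, then the
    IPv4 addresses in the order the AP should try them.
    """
    if not wlc_ips:
        raise ValueError("at least one WLC address is required")
    addrs = [ipaddress.IPv4Address(ip) for ip in wlc_ips]
    if len(set(addrs)) != len(addrs):
        raise ValueError("duplicate WLC address")
    payload = b"".join(a.packed for a in addrs)
    return (bytes([0xF1, len(payload)]) + payload).hex()


def parse_option43(hex_value):
    """Decode an option 43 value and reject malformed ones (audit helper)."""
    raw = bytes.fromhex(hex_value)
    if len(raw) < 2 or raw[0] != 0xF1:
        raise ValueError("not a type 0xf1 sub-option")
    length, body = raw[1], raw[2:]
    if length == 0 or length % 4 or length != len(body):
        raise ValueError("length byte does not match the address list")
    return [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(0, length, 4)]


def survives_site_loss(ap_counts, capacity):
    """Check N+1 headroom per site.

    ap_counts: {site: APs homed there as primary}
    capacity:  {site: maximum APs (or licenses) that site's WLC pair supports}
    Returns {site: True if that site alone can carry every AP}.
    """
    total = sum(ap_counts.values())
    return {site: total <= cap for site, cap in capacity.items()}


if __name__ == "__main__":
    # Site A scope: site A controller first, site B as fallback.
    print(build_option43(["192.168.1.50", "1.1.1.50"]))
    # Constructed sample: site B cannot absorb all 1000 APs.
    print(survives_site_loss({"A": 600, "B": 400}, {"A": 1000, "B": 800}))
```

Running `parse_option43` over the values already deployed in each DHCP scope is a quick way to confirm both sites list both controllers and in the intended order.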
07-17-2024 04:24 AM
07-18-2024 02:22 AM - edited 07-18-2024 02:23 AM
Yes, which matches the first diagram you attached. The SSO configs automatically stay in sync (that's what SSO redundancy does) so you treat the SSO pair as a single WLC (from AP point of view). So you just need to keep the configs in sync between site A and site B.
Your second diagram shows 3 sites with SSO WLC in site A and single WLC at sites B & C - also possible.