Solved: How to plan Failover for the following Scenarios in Flex-connect mode.

niketan sutar · ‎02-11-2015

The following queries are in respect to AP High availability (not SSO fail over or Controller HA), meaning if one controller fails, the AP will be failing over to the secondary controller which is in a different Geo location. the AP will be in Flex-connect mode with local switching and local auth. in this scenario, following are my queries

1: If i have an SSID that has an interface group linked to it, can i fail it over on other controller where there may be a single WLAN linked to it.?

2:Do we need the subnet masks to be same at both ends?

3: if i have an SSID with open authentication, can i configure the remote network SSID with no authentication?

4: can any one link me up with a document that explains configuration case study of the flex-connect mode fail over scenarios.

All the help given would be really appreciated.

Thanks.

Scott Fella · ‎02-11-2015

1: If i have an SSID that has an interface group linked to it, can i fail it over on other controller where there may be a single WLAN linked to it.?

Interface groups only works for centrally switch not locally switch

2:Do we need the subnet masks to be same at both ends?

See #1

3: if i have an SSID with open authentication, can i configure the remote network SSID with no authentication?

if you configure an SSID with open authentication, then all APs that have that SSID assigned to it will use that. Open authentication is the same as no authentication.

4: can any one link me up with a document that explains configuration case study of the flex-connect mode fail over scenarios.

Do a search on Google for "FlexConnect deployment guide". That will have links to failover.

-Scott

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎02-19-2015

If you have WLCs in all sites, then my what you need to determine is if FlexConnect is really your best design. There are limitations to FlexConnect and to be honest, why have a controller in each site if your doing FlexConnect? All your data is locally switched, so you can actually bring all the wlcs back to your DC and have redundancy.

If you go with FlexConnect still, then how large of a subnet? You should create a subnet that is large enough for your clients devices today and for growth in the next few years. If the subnet is very large and you don't want to really have that large of a subnet, then FlexConnect isn't best for your design. FlexConnect is great for smaller sites so subnet size isn't an issue. /21-/23 shouldn't be an issue in my opinion, but you need to agree on that also. If they purchase an HA redundant for each site, now your converting the APs to local mode and then your cleaning up the configuration in all ap switch ports to make then an access port. That's a lot of work if you have many access points. It's very hard to answer your question without really knowing what's in place, what all the requirements are and what is the plan in the future. Hopefully I gave you some ideas.

-Scott

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎02-11-2015

1: If i have an SSID that has an interface group linked to it, can i fail it over on other controller where there may be a single WLAN linked to it.?

Interface groups only works for centrally switch not locally switch

2:Do we need the subnet masks to be same at both ends?

See #1

3: if i have an SSID with open authentication, can i configure the remote network SSID with no authentication?

if you configure an SSID with open authentication, then all APs that have that SSID assigned to it will use that. Open authentication is the same as no authentication.

4: can any one link me up with a document that explains configuration case study of the flex-connect mode fail over scenarios.

Do a search on Google for "FlexConnect deployment guide". That will have links to failover.

-Scott

-Scott
*** Please rate helpful posts ***

niketan sutar · ‎02-18-2015

hi Scott,

Sorry for replyimg late. and thanks for your reply and suggestion.

it did help me a lot, but now i am in a tiff.

the thing is my client has following existing scenario:

he has 6 disparate locations with a standalone 5508 WLC at each location.

he is now planning to configure AP failover for every location.

we are using the Flex-connect design as he has not procured a HA-SSO license.

also the WLC are not in same location.

the Flex-connect design is with Local Switching and local Auth.

there are 2 SSID which are causing me issues.

1: SSID A is linked to an interface group which has multiple vlans.

2: SSID B shares its WLAN interface with another SSID (the wlan is split between 2 different SSID)

we need local switching for these and also they need to have local auth.

so if i remove the interface group for SSID A and use a bigger subnet, what will be the best possible mask to use considering that the ARP and DHCP broadcast shouldn't choke up the network (existing subnets are /21 and /22). or any workaround to minimise the network activity.

and for SSID b what is the configuration i would need to do on the secondary controller or is it just that the SSID needs to be present on the controller and the mask need not be same.

sorry for troubling you and thanks in advance

Niiketan Sutar.

:-)

Scott Fella · ‎02-19-2015

If you have WLCs in all sites, then my what you need to determine is if FlexConnect is really your best design. There are limitations to FlexConnect and to be honest, why have a controller in each site if your doing FlexConnect? All your data is locally switched, so you can actually bring all the wlcs back to your DC and have redundancy.

If you go with FlexConnect still, then how large of a subnet? You should create a subnet that is large enough for your clients devices today and for growth in the next few years. If the subnet is very large and you don't want to really have that large of a subnet, then FlexConnect isn't best for your design. FlexConnect is great for smaller sites so subnet size isn't an issue. /21-/23 shouldn't be an issue in my opinion, but you need to agree on that also. If they purchase an HA redundant for each site, now your converting the APs to local mode and then your cleaning up the configuration in all ap switch ports to make then an access port. That's a lot of work if you have many access points. It's very hard to answer your question without really knowing what's in place, what all the requirements are and what is the plan in the future. Hopefully I gave you some ideas.

-Scott

-Scott
*** Please rate helpful posts ***

niketan sutar · ‎02-25-2015

thanks a lot scott...

have definitely got major pointers to work on following your advice.

niketan sutar · ‎02-25-2015

a few more now:

1: when applying a flex-connect ap group config.. in general tab of group, we have a facility to add only 2 auth servers, what if more are required ?

2: how will we plan a failover if a single interface is attached to 2 different SSID.

thanks in advance.

pankaj.bandewar · ‎10-25-2016

Hi niketan sutar Sir,

Am in the Same Issue now.

2 sites having their 2504 controller and APs but customer want to failover these APs to HQ controller which is geographically separated.

when APs failover to remote controller it does broadcasts the SSID from remote controller but when client connect to it it only gets the IPs from the APs subnet (management in my case) not from the respective WLAN subnet ...?

(we have two Common WLAN and SSID at HQ and Site controller diff.subnets)

what i want is when APs failover to remote and it broadcasts common WLANs and when clients connects to one of them ..the user should get the IPs from the Sites respective subnet....?

is this possible to configure ...? if yes can you share how i can do this...?

niketan sutar · ‎10-25-2016

Here is how it will be:

HQ Remote Site

AP-Group1: HQ_Group APGroup1: HQ_Group

AP-Group2: RS_Group AP-Group2: RS_Group

WLAN1 - mapped to VLAN: X WLAN1 - mapped to VLAN: X (Same ID)

WLAN2 - mapped to VLAN: Y WLAN2 - mapped to VLAN: Y

Put all AP in HQ in HQ_Group on HQ controller. Repeate the same on RS controllers for Remote site.

Also Create Flexconnect AP-Groups and MAP the Flex - WLAN's to their respective VLAN's accordingly. Ensure that the names are same and even cases of alphabets used are same.

basically, the configuration should be exact replica on both controllers with respect to AP groups.

also, ensure you have adequate number of AP license to accomodate both side access points on both controllers.

Hoe this helps...!!!!

for any further explainations, please dont hesitate to ping back !.!.!

pankaj.bandewar · ‎10-25-2016

Sir,

TAC has suggested something different or it is one and the same ...

here it is..

This is a summary of what we discussed:

A flexconnect AP is connected to the primary controller.
It is added to the AP default group.
When the primary WLC fails the AP will move to a secondary WLC.
The issue is occurring with 2 WLANs: VG-WiFi and VG-Guest.
At the primary controller:
- VG-WiFi is mapped to interface wlcomd which will give the clients an IP from 172.17.59.0/24 subnet.
- FlexConnect is configured for central switching.
- VG-Guest is mapped to interface wlguest which will give the clients an IP from 172.16.2.0/24 subnet.
- FlexConnect is configured for central switching.
At the Secondary controller:
- VG-WiFi is mapped to the management interface.
- FlexConnect is configured for local switching.
- The clients will get an IP address based on the AP configuration.
- VG-Guest is mapped to the management interface.
- FlexConnect is configured for local switching.
- The clients will get an IP address based on the AP configuration.
This inconstancy is causing the clients to take IPs from undesired subnets.

To solve this issue follow these steps:

Create 2 new interfaces on the secondary WLC with the same configuration as the ones on the primary WLC.

Go to CONTROLLER tab.
From the side bar select Interface.
At the new page select New.
Fill the new interface proprieties based on the corresponding interface at the primary WLC.

Change the interface mapping at both WLANs.

Go to WLAN tab.
Select the WLAN.
At the General tab add the new interface from Interface/Interface Group(G) drop down list.

Set the flexconnect configuration at the secondary WLC for both VG-WiFi and VG-Guest to central switching.

Go to WLAN tab.
Select the WLAN.
At the Advanced tab uncheck the FlexConnect Local Switching radio button.

Please tell me how it goes. Feel free to contact me if you have any questions.

Scott Fella · ‎10-25-2016

With FlexConnect, you need to make sure that your wlans are in the same order and configured the same way. If your using AP groups, make sure that the names are also identical and the configuration on the AP group is identical. You also need to look at what the SSID is mapping the vlan to and verify that local switching is either enabled to match the remote site WLAN setting or disabled. If centrally switching, then you need to ensure that you have sinners defend on HQ and interfaces defined also on the HQ controller.

What seems to be happening is when you failover, the HQ controller doesn't have the setting defined the same so the AP has lost the vlan mappings.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

pankaj.bandewar · ‎10-25-2016

Hi niketan sutar Sir,

Can i contact you by any other meas ..> Cell phone or email or WebEx or skype ..

awaiting for your valuable response.

niketan sutar · ‎10-25-2016

hi pankaj,

i am accessible on sutar.niketan@gmail.com

i am based out of Qatar, my local number here in Qatar is +974 5029 4038.

I understand your issue and we can get it sorted out no problem.

What Scott has replied is exactly to the point of what needs to be done.

gohussai · ‎02-27-2015

I have done the testing and got the same answer as scott.

Note:

Following is the doumentation for your review.

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112042-technote-product-00.html