Solved: internet anchor redundancy

cedar_lee · ‎01-20-2014

Hi experts,

We have two main data centers. Currently we have two WLC4402 in the same data center as internet anchors for two different guest SSIDs. They are sitting on different DMZs.

We are planning to replace them with two WLC5508 and have guest internet redundancy as well.

May I please what would be the best option?

Currently there are three options in my mind.

Option 1, build a HA pair in the same data center with both guest SSIDs configured.

Option 2, put one WLC5508 in one data center and the other WLC5508 in the other data center. Each WLC5508 has both guest SSIDs configured.

Option 3, put both WLC5508 in the same data center but not HA pair. Each WLC5508 has both guest SSIDs configured.

Your feedback will be appreciated.

Thanks

Cedar

Scott Fella · ‎01-20-2014

Option 1 I wouldn't do at all... Option 2 and then option 3 would be my choice. With option2, you will not be able to define the traffic flow to primary one DC and backup to the other. The foreign WLC will load balance that traffic. If that is an issue, the option 3 is your best.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎01-20-2014

Option 1 I wouldn't do at all... Option 2 and then option 3 would be my choice. With option2, you will not be able to define the traffic flow to primary one DC and backup to the other. The foreign WLC will load balance that traffic. If that is an issue, the option 3 is your best.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

cedar_lee · ‎01-20-2014

Hi Scott,

Thanks to your quick response. Sounds like option 3 might be my best option. However, may I know the reason why HA is not good? Because of the WLC software version not supported or something else?

Thanks,

Cedar

Scott Fella · ‎01-20-2014

Why do HA on Guest Anchors... to me I just don't see any benefit.... AP SSO doesn't work since AP's are not joined to these WLC. Client SSO only seems to work on foreign WLC's. Again, it's really up to you and if you plan on doing HA, make sure you stick with v7.4.110.0 which seems pretty stable. Others are also running v7.5 and v7.6, but I haven't unless the customer requires certain features.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

cedar_lee · ‎01-20-2014

Hi Scott,

That's right. AP SSO and client SSO are the main benefits of the HA. For anchors, they are not. And we can have better flexability to do maintenance when we do not have HA.

Thanks so much!

Cedar

Scott Fella · ‎01-20-2014

You hit the nail on the head.... "Better flexibility"

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Nicholas Poole · ‎02-05-2014

I raised the issue of WLC anchor HA via Cisco Partner Helpline or PDI Helpdesk (cant rememeber exactly who) but the answer back was, and I paraphrase....

...we (Cisco) dont have a public doc for this but the WLC in HA pair can be anchor WLC, assuming you have a 5508-HA/50 licenses minimum and 7.5 code and setup SSO. Testing needs to be done before we can validate this design, but it has been reported to work.

I havent got around to trying this yet though.

Scott Fella · ‎02-05-2014

Here is the thing... why even have it in HA? Set it up as two seperate anchors and have the foreign WLC choose which anchor to send the traffic to. This would be more of an N+1 design, but both active.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***