LAG on 5520 WLC in SSO with two different switch

ahmad.syed
Level 1

Hi All,

I need your help designing a wireless network. We have a 5520 WLC in SSO and its ports are connected to two different switches. Please suggest: can we create a LAG on the WLC and an EtherChannel on two different switches to have port-level redundancy? If yes, please suggest how.

1 Accepted Solution

LAG is recommended for SSO; your design would not have LAG enabled. If you were not to use SSO and use N+1, your WLC would only have one port to the DMZ, so no failover would happen. It seems like you want to use SSO and your management is connected to the core and you are using the RP on the DMZ to make sure you have redundancy for that. This is something you would need to test and it might not be supported by TAC, so that would be a risk on your end. It would seem to be better to have all the WLC interfaces on the core and then have a cable connected to the core to the DMZ on an isolated VLAN.
-Scott
*** Please rate helpful posts ***

12 Replies

pieterh
VIP

A connection to two different "normal" switches will not form an EtherChannel.

It needs to be a stack/VSS/VSL before you can configure a multichassis EtherChannel.

Hi,

Thanks for the reply.

We have two 5520 WLCs and both are in different data centers. Both ports of each WLC are connected to the core switch and the DMZ switch. The core switch is in VSS, but the DMZ switch does not have stack, VSS or VSL. Now, if we create SSO between both WLCs and the port connected to the DMZ switch goes down, how does the WLC get to know that my one DMZ port is down and that traffic should now go through the standby WLC, whose one port is in the DMZ and working?

Leo Laohoo
Hall of Fame

@ahmad.syed wrote:

We have a 5520 WLC in SSO and its ports are connected to two different switches. Please suggest: can we create a LAG on the WLC and an EtherChannel on two different switches to have port-level redundancy?


Are the two switches in a "stack" or VSS or not?

Not in a stack or VSS. Below is more description of the connectivity.

We have two 5520 WLCs and both are in different data centers. Both ports of each WLC are connected to the core switch and the DMZ switch. The core switch is in VSS, but the DMZ switch does not have stack, VSS or VSL. Now, if we create SSO between both WLCs and the port connected to the DMZ switch goes down, how does the WLC get to know that my one DMZ port is down and that traffic should now go through the standby WLC, whose one port is in the DMZ and working?

Can you upload a topology showing exactly how it's connected, with port details, preferably IP and VLAN details as well?

-hope this helps-

Bottom line is that you should not use SSO if you are not extending the VLANs/subnets to each of your DCs. If each DC has its own subnets for management, RP, user subnets, etc., then you need to design N+1 and not SSO.
-Scott

Hi Scott,

Thanks for sharing inputs. 

Each DC does not have its own management or user subnet. We are creating SSO over a VLAN by creating an L2 VLAN on the switch port connected to the RP port. The same L2 VLAN is created on the switch which is connected to the other WLC's RP port in the other DC.

The management subnet will be the same for both DCs. Please suggest how to proceed to create SSO and port-level redundancy.

Regards

Imteyaz

It’s simple... since your management vlans are spanned across the DC (same subnet), that is all you need for your RP and user traffic. Just make sure the latency for the RP is met because that is the key and thus why Cisco wants the controllers in the same location if possible.
-Scott

Hi Scott,

Thanks for your inputs.

Please suggest what the recommended latency for RP ports is.

If we create SSO between both WLCs through the VSS switch and the port connected to the DMZ switch goes down, how does the WLC get to know that my one DMZ port is down and that traffic should now go through the standby WLC, whose one port is in the DMZ and working?

Diagram attached

Here is a guide to read. This will explain SSO and how it is supposed to be deployed. It will also explain how failover happens.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html
-Scott

Hi Scott,

I got the answer for SSO. But as in the network diagram I uploaded, Port2 is connected to the DMZ from each DC. Now, if the active WLC's Port2 connected to the DMZ switch goes down, will a switchover happen?

Note: My management interface is on Port1, which is connected to the VSS switch.

Regards

Imteyaz 
