05-15-2015 05:56 AM - edited 07-05-2021 03:14 AM
Hello,
Our custommer has two controllers in two different locations. For certain reasons all of the APs are in Flex Connet mode.
We want to implement a failover solution so if one of the controllers fails, the APs in this location to be able to register with the second controller.
My question is how to do that with regard to the IP networks and VLANs. In location A we have for example VLANs 3,4 and 5 with networks 192.168.3.0, 192.168.4.0 and 192.168.5.0. In location B we have for example VLANs 6,7 and 8 with networks 192.168.6.0, 192.168.7.0 and 192.168.8.0.
How should I configure the controller in location B so when controllers A fails, the APs in site A to continue to work with their previous IP networks?
Is this scenario possible?
Solved! Go to Solution.
05-16-2015 07:57 AM
In your case, if all your WLAN's are configured for FlexConnect local switching, then you don't need to have a valid interface. What I mean is that I would typically create a bogus/black hole interface and map that interface to all the FlexConnect WLAN's. Since you are using NPS to assign the true interface that the user will be placed on, then the WLAN to interface mapping on the WLC can be anything you want.
It is only if your tunneling traffic back to both controllers that you need to having interfaces on the same subnet on all controllers that are used for failover. FlexConnect central switching is just like local mode. If your using local switching then the interface on the WLAN does not matter.
-Scott
05-15-2015 05:17 PM
There are currently two methods of doing APs fail-over implementation (regardless of physical location of the two WLC).
First method is using HA SSO. The main point to consider for this are:
1. Redundant Ports must be in the same Layer 2, VLAN. No Layer 3 allowed.
2. The Management IP address of both controllers must be in the same subnet and the same VLAN.
The second method is using the old method of assigning primary/secondary/tertiary WLC controller details (globally or on a per-AP basis). With this method, fail-over of the APs can sometimes take a minimum of 20 seconds.
05-16-2015 12:55 AM
05-16-2015 03:03 AM
For the second method to work, the configuration of the two controllers must be the same (except the IP addresses). This also includes the "allowed-vlans" on the switch port trunks and the AP groups.
05-16-2015 07:25 AM
What I try to explain to my customers and peers when deciding where the controllers should go is, do you have the clans in both locations or not? I think the best way to implement a backup or redundant controller is if both controllers can have the interfaces on the same subnet. User subnets are important here especially if you have static addresses on some devices, using mac reservations and or devices don't request for a new DHCP address. When placing a controller in different locations with different subnets, if there is a failover, then devices will be placed on the clan at the backup controller location. This can work if devices are all DHCP and when reassiciating to the SSID, they request a new address.
This is for N+1 like Leo mentioned. SSO, you need them together and the subnets must match.
-Scott
05-16-2015 07:47 AM
05-16-2015 07:57 AM
In your case, if all your WLAN's are configured for FlexConnect local switching, then you don't need to have a valid interface. What I mean is that I would typically create a bogus/black hole interface and map that interface to all the FlexConnect WLAN's. Since you are using NPS to assign the true interface that the user will be placed on, then the WLAN to interface mapping on the WLC can be anything you want.
It is only if your tunneling traffic back to both controllers that you need to having interfaces on the same subnet on all controllers that are used for failover. FlexConnect central switching is just like local mode. If your using local switching then the interface on the WLAN does not matter.
-Scott
05-16-2015 08:02 AM
05-16-2015 08:03 AM
No problem. Hope that helped explain things.
-Scott
05-29-2015 12:38 AM
I have another question, before deploying the solution.
In normal conditions AP 1 is registerd with the controller A and is placed in AP Group X. When controller A fails and the AP registers with controller B where this AP Group X is also defined.
Do the AP 1 will automaticaly join this group or it will go in the default group?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide