11-23-2023 09:28 PM
Hi, I have 2x sites, each site have 2x WLC with SSO. Can I configure N+1 HA between the two sites while maintaining the SSO HA within the sites? thanks
11-24-2023 01:56 AM
- Do you think this question make sense ? If so , could you elaborate and explain why this is a useful question ?
M.
11-24-2023 02:02 AM
Hi @marce1000 , I think it is a valid question for those use cases which cannot meet the requirements of the SSO HA but wanted to have a fully redundant mechanism hence looking if an additional N+1 HA can be done between two sites. Thanks
11-24-2023 02:15 AM
- I personally believe it is far from a valid question because usually the two sites will serve different purposes including different SSID's and networks, it then makes no sense for APs to jump between sites ,let alone that it will probably even not be possible due to perimeter and firewalling restrictions (e.g.) The basic idea behind N+1 is that it is local and that controllers have symmetrical configurations.
So basically in your example the local SSO HA is indented to be per site high availability and should be sufficient
M.
11-24-2023 02:48 AM
What wlc platform you have?
11-24-2023 08:43 AM
Yes that's exactly what we do to achieve 99.99% availability.
Configure mobility between them and make sure you keep the configs in sync.
Our WLCs are in central data centres and sites are remote. It might make less sense if the APs are in the same location as the WLCs but doesn't mean you can't do it.
11-26-2023 01:14 PM
I have a WLC in SSO in one data centre and the APs are configured to a N+1 incase the data centre fails.
So technically you can, however if APs are in local mode the same VLANs need to exist on each side, and if different subnets then it wont be a seamless failover for the clients. You also need the same config on both sides.
Given your WLCs are at site this HA solution doesnt give you any advantage as generally the SSO cluster at a site would connect to different core switches and idenally be in different comms rooms, so generally speaking the site would be down for the APs to not see a WLC at the site (double hardware failure is extreamely rare).
11-27-2023 09:40 PM
I have a similar configuration.. SSO (9800-80) in the main DC, and Single WLC(9800-80) in the backup DC. The underlying network is exactly the same, and this gives me almost 100% uptime for my clients.
I have a mobility tunnel between both, It helps to reduce the stress when you upgrade or any patching.. I am not a fan of ISSU. ,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide