Wireless failover with two WLC 5500s in different datacenters

Steven Williams
Level 4

I am looking at this document for failover:

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/69639-wlc-failover.html

I do not have the HA license so has anyone done Failover with two controllers being in different datacenters? DCs are connected via Layer 3 WAN so controllers are not on the same subnet. So APs would be configured for Controller #1 as primary and Controller #2 as secondary.

So how will this affect clients connected to APs on one controller and APs migrating to another controller in the moment?

What things will need to be done with IP addressing to make sure roaming isn't affected and clients do not notice the migration of the APs?


Leo Laohoo
Hall of Fame

DCs are connected via Layer 3 WAN so controllers are not on the same subnet.

The controllers talk to each other using the Redundancy Port (RP).  For this to work properly, the RPs need to be connected on a flat Layer 2 network. 

I do not have the HA license so has anyone done Failover with two controllers being in different datacenters?

We have.  We have 2 DCs and they are <20 kms apart.  We have 4 WiSM-2 and two 8540 running on HA SSO.

So unless the controllers can talk on the RP ports via layer 2 vlan, it will not work?

So unless the controllers can talk on the RP ports via layer 2 vlan, it will not work?

Correct.  HA SSO won't work so you'll wind up using the old method of Primary/Secondary/Tertiary Controller.

And without HA SSO and using the old method I am going to have client connection issues as the APs will change controllers which will essentially be new IP subnets.

This is why you must look at your design and understand what the "risks" are during a failover.  Not a big fan of having controllers separated between L3 domains due to how traffic will flow.  If that is your design, then yes, clients will have to re-IP if APs move to the other controller.  In FlexConnect local switching you wouldn't have that issue, however.

-Scott 

*** Please rate helpful posts *** 


We have some sites that are FlexConnect, but not all. It depends on the location and the business requirements.

So take a good look at your design and see if that works or not. How you design redundancy will determine how much downtime users will see and the risk.

You have two methods, local and flex... How your traffic is going to flow, or how you want it to flow, will determine what is best for you.

-Scott 

*** Please rate helpful posts *** 


HA or not, when controllers are disjoint via a Layer 3 boundary, the outcome will be the same with clients that tunnel back to the controller, correct?

That is correct if centrally switched. That is why you try to keep the pairs in the same L2.  Separated by L3 you start bringing in risk, especially if APs move to the other controller; now the controller pair has to set up mobility for that device for roaming.

-Scott 

*** Please rate helpful posts *** 


So with mobility groups this can be achieved? 

Mobility groups are required when using N+1; however, if an AP moves by chance to the other controller, users will drop and have to request DHCP again. This is the risk.

-Scott 

*** Please rate helpful posts *** 


So the only way to really make this seamless... is to connect the WLCs and their corresponding networks and client networks over a Layer 2 topology from datacenter to datacenter by trunking over the WAN or using something like OTV.

Now I am just thinking out loud here, but what if I put half of a location's APs on controller 1 and the other half on controller 2... I would still get disconnects in the event of an AP moving but not affect the entire site?

How do FlexConnect APs operating in Connected mode respond to a failover in an N+1 scenario? The APs maintain CAPWAP to the controller in the connected mode, so when the APs fail over to the backup controller, do the clients notice this, since the APs will need to go through the CAPWAP process for the backup controller?

So what is the difference between the HA SSO design and the N+1 design? The N+1 design will not allow AP SSO, so essentially the APs will drop from the primary in the event of a failover and have to go through the whole CAPWAP process for the backup controller.

Both designs require the HA SKU, it seems. Now with the HA SSO the controllers will maintain the states of the APs and clients from the primary controller. Like when configuring HA with Cisco ASAs.

Now is it that the HA SSO can only support one primary and one backup, unlike N+1 that can do multiple primary controllers and one backup?
