Solved: WLC 9800 HA N+1 - AP not falling back to primary WLC

shadowplay101 · ‎11-15-2021

I have a very simple setup:

WLC1 (172.16.0.250) = Primary
BACKUP (172.16.0.251) = Backup

When the Primary goes offline, my AP moves to the BACKUP wlc as expected

However, when the Primary comes back online, the AP remains in the BACKUP and does not "fallback" to the Primary WLC

This is what I have configured in WLC1 (Backup does not have this configuration)

ap profile My_APGroup
 capwap backup primary WLC1 172.16.0.250
 capwap backup secondary BACKUP 172.16.0.251

What am I missing? Why isn't my AP falling back to the primary WLC?

Am I required to configure each AP with a "Primary Controller"? (I thought this was not required)

Thanks for the help !

Arshad Safrulla · ‎11-16-2021

The option of AP Fallback being located in the AP Join profile is a bit misleading and causes confusion. Fallback is not applicable for primary backup and secondary backup controllers which exists on the ap join profile. Now the confusion is, Since fallback is on the Ap join profile page, people expect it to fallback to the primary backup controller, whenever the controller comes up. This will not work for the reason mentioned in the first line. In order to avoid this confusion, we have requested Cisco to remove the fallback option from ap join profile and into the general configuration. Currently it does work for a specific group of APs on the AP Join Profile, but only for the (primary/secondary/tertiary) configs which exists per AP, and NOT for the primary / backup which exists on the AP join profile.

So if you need fallback to work properly you must configure both primary & Secondary WLC's under the AP iteself.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

View solution in original post

Arshad Safrulla · ‎11-15-2021

Enable AP fallback under the AP join profile. You need to have same tags assigned to the AP across both controllers. I would suggest using Cisco Prime for auto config sync between controllers, if not you have to do it manually.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

shadowplay101 · ‎11-16-2021

Thank you for replying

I have the option "AP Fall Back to primary" enabled (see screenshot below)

I don't have Prime.

Thanks for the help

Sandeep Choudhary · ‎11-15-2021

Additionally make sure that the high availability you defined on each AP is correct. The controller host name is case sensitive.

Regards

Dont forget to rate helpful posts

shadowplay101 · ‎11-16-2021

Thank you, but I thought it was not required to configure each AP with a Primary WLC?

https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/9800/17-4/deployment-guide/c9800-n-plus-1-high-availability-wp.pdf states there are two ways to configure N+1 High Availability on the Catalyst 9800:

Using the AP join Profiles

or

High Availability configuration individually on the Access point.

I was trying to use the AP join profile to avoid having to configure every AP with a primary wlc

Thanks for help

Arshad Safrulla · ‎11-16-2021

The option of AP Fallback being located in the AP Join profile is a bit misleading and causes confusion. Fallback is not applicable for primary backup and secondary backup controllers which exists on the ap join profile. Now the confusion is, Since fallback is on the Ap join profile page, people expect it to fallback to the primary backup controller, whenever the controller comes up. This will not work for the reason mentioned in the first line. In order to avoid this confusion, we have requested Cisco to remove the fallback option from ap join profile and into the general configuration. Currently it does work for a specific group of APs on the AP Join Profile, but only for the (primary/secondary/tertiary) configs which exists per AP, and NOT for the primary / backup which exists on the AP join profile.

So if you need fallback to work properly you must configure both primary & Secondary WLC's under the AP iteself.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

shadowplay101 · ‎11-16-2021

Thank you! I've been banging my head for a few days trying to make this work.

Is this also true for all Cisco WLCs such as the 3504?

Wouldn't it make sense for AP fallback to work for the "backup" wlc? Why does Cisco want us to configure each AP?

Sdiana · ‎03-02-2022

Hi Arshad,

I am not quite sure about the IP which I should use when I configure primary/backup WLC? Is it the service port Management IP or WAP management IP? these IPs 172.16.0.250 & 172.16.0.251?

WLC1 (172.16.0.250) = Primary
BACKUP (172.16.0.251) = Backup

Scott Fella · ‎03-02-2022

When you setup high availability on the access points, you need the hostname, which is case sensitive and the management ip of the controller. Service port should never be routable to prevent issues. Service port should be looked at as out of band.

-Scott
*** Please rate helpful posts ***

Arshad Safrulla · ‎03-03-2022

It must be a AP manager interface, 9800's doesn’t have multiple AP Manager interfaces, as AireOS does. It uses only one interface for CAPWAP termination: the WMI. From Cisco IOS XE Bengaluru 17.6.1, Ethernet Service Port (Management Interface VRF/GigabitEthernet 0) is supported to be used as WMI (AP manager) interface in 9800's as per the documentation.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Arshad Safrulla · ‎11-16-2021

I can confirm this is valid only for 9800. I am not sure about AireOS and I haven't tested this in any AireOS WLC's yet.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Scott Fella · ‎11-16-2021

I don't know where you are with this, but a few things I would like to call out. You should have your ap profile defined on the secondary controller also:

ap profile My_APGroup
 capwap backup primary WLC1 172.16.0.250
 capwap backup secondary BACKUP 172.16.0.251

Another way to do this is to use the filters, this way you can use regex to apply tags automatically so that its somewhat automated. This is what I use on the 9800's and its pretty simple. Keep in mind that you have a few options, you can define static tags and then location tags and you choose the priority.

I run a few 9800's in N+1 and have no issues with the ap's moving back to the primary I have set. Also, for AireOS, the way that is set is using the high availability on each ap. Like what was already mentioned, you need to make sure the name is exactly the same as the hostname of the device and it is case sensitive or else it will not work.

-Scott
*** Please rate helpful posts ***

shadowplay101 · ‎11-20-2021

Thank you, but for the AP "fallback" to work correctly, do I still need to configure a primary & Secondary WLC's under the AP itself? or will the "filter" method that you mentioned eliminate the need to configure every AP?

Thank you!

Scott Fella · ‎11-20-2021

It’s up to you what you want to do. You can just use the filters, but you need that configured on all controllers. This is different from AireOS, because the high availability is defined on the ap which is saved even during a reboot. My suggestion is to test and determine which works best for you. Everyone has their preferences on what they like and don’t like to do.

-Scott
*** Please rate helpful posts ***

Arshad Safrulla · ‎11-21-2021

To verify whether the Primary, Backup and Territory controllers are updated under each AP you can use "show capwap client config"

In my case configuring this under AP join profile never reflected in the AP, and therefor we had our Cisco SE and TAC involved and the above reply was provided by them (Our WLC's are running 16.12.X codes and 17.3.3 + codes)

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla