WLC Redundancy

May 14th, 2007

Hi,


I will be deploying 2 units of WLC4402, which run as active-passive (all the LAPs will be registered to the primary WLC; the secondary WLC will only come up when the primary WLC fails).


Since I will be creating multiple VLANs to be associated to the WLAN (SSID) on both WLCs,


1) May I know whether the VLAN IP addresses of the 2 WLCs are the same or must be different?


And we plan to have the LAP and WLC in the same subnet; does that mean I will be running on Layer 2?


2) And if this is the case, I do not need DHCP option 45, right?


I'm new to the Unified wireless, and I can't seem to find the answer anywhere... or maybe I'm in the wrong URL.


Thanks in advance.

DigitalAirWireless Mon, 05/14/2007 - 04:51

Hi there,

I have recently set this up for a client and used the following great document.


http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008064a294.shtml


If you're looking for redundancy then make sure that you have both controllers in the same mobility group and configure each WLC with the other's MAC address under the Mobility group section. Controller >> Mobility management > Mobility Groups (4.1.171.0 software)


Also configure the primary and secondary controllers on all APs (make sure that you use the controller's system name and not IP address).


Also make sure that you have the same WLAN and security configured on each controller.


In answer to your specific questions, the AP addresses on the interfaces on the controllers must be different but should be in the same VLAN.


No, you do not need option 45? (43!) but I would always use it where possible.


Best thing is to give the document a good read; if you have any more questions, post back.


Hope this has helped,


Mark


*Pls rate all useful posts

naive.naive Tue, 05/15/2007 - 03:52

Sorry, my typo error, it's DHCP option 43...


But I do not have any DNS server; can I still use the system name instead of the IP address?

DigitalAirWireless Tue, 05/15/2007 - 05:41

Yes, DO NOT USE an IP address in that field. It is not using DNS with the system name.


I use the WCS software when configuring more than one WLC; that way you can create templates and then push them to the controller, which makes it a lot easier!!


Cheers


Mark


*Pls rate all useful posts

naive.naive Tue, 05/15/2007 - 05:47

But if I do not have a DNS server, can I still use the system name??


Does the LAP know how to resolve the WLC name to an IP address if there is no DNS server?

Rajesh Kongath Tue, 10/23/2007 - 01:44

Can anybody reply to naive.naive's message? I also have the same scenario: we have two controllers without a DNS server inside the network. How can we configure failover by giving only the name?


Thanks

ankbhasi Tue, 10/23/2007 - 03:53
User Badges:
  • Cisco Employee,

Hi Rajesh/Naive,


You have to configure the controller system name in the primary and secondary controller option for all APs. It is not related to DNS. When the AP boots up, the controller exchanges some control messages with the AP and it updates its system name.


So once you configure the primary and secondary controller system name, it gets updated in the AP, and when the primary controller is not available the AP discovers the secondary controller because it keeps exchanging those messages.


HTH


Ankur


*Pls rate all helpful posts

Rajesh Kongath Tue, 10/23/2007 - 04:10

Ankur,


I had tried the same: we gave the controller name in the AP list, and I tried to switch off the primary controller, but the AP didn't register to the second controller. Please note that I have given static IPs to the APs and both the controllers are in different subnets. Kindly refer to the attached images for more information.


thanks in advance

Raj



dennischolmes Tue, 10/23/2007 - 06:16
User Badges:
  • Gold, 750 points or more

Assignment of Primary, secondary, and tertiary controllers to the APs does not guarantee that you will reassociate to those controllers. There are a lot of factors involved with failover. Please see the attached documentation. Attached is a configuration example and a couple of slides that depict the LWAPP discovery process as a flow chart.



Rajesh Kongath Tue, 10/23/2007 - 06:36

Thanks for the prompt response.


We followed the same PDF only; I have a few questions on that.

1. As I mentioned before, for finding the second controller in the discovery process, is it necessary to have a DNS in the local network to resolve the sysname?


2. If there is no DNS, then how is the AP able to resolve the IP of a secondary controller which is residing in a different subnet?


3. We have configured static IPs instead of option 43; will it make any difference?


4. Can you suggest any command which is able to diagnose this case?


Thanks for helping me


Raj

dennischolmes Tue, 10/23/2007 - 06:40
User Badges:
  • Gold, 750 points or more

1. DNS entry is required to be available on the local network.

2. It couldn't resolve the name due to there being no DNS server to handle the resolution of host name to ip address.

3. Static IPs can cause problems with duplicate address issues as well as being more vulnerable to DOS attacks.

4. Do an LWAPP debug all and follow the process to see where it fails.

Rajesh Kongath Tue, 10/23/2007 - 06:53

Thanks Dennis. Do you have any command with which I can add a secondary controller as I did for the primary controller (lwapp controller ip address)?


Thanks

raj



dennischolmes Tue, 10/23/2007 - 07:10
User Badges:
  • Gold, 750 points or more

Under the configuration for each AP is a box for the system name of the Primary, Secondary, and Tertiary controllers. Simply fill in these boxes and failover will do its best.

ankbhasi Tue, 10/23/2007 - 07:29
User Badges:
  • Cisco Employee,

Hi Raj,


First thing: no DNS resolution is required when you configure primary, secondary and tertiary controller for each AP.


Now the command is


config ap primary-base


config ap secondary-base


config ap tertiary-base


Failover will only happen when you configure the mobility group properly, and if the primary controller is not reachable then it will fall back to the secondary controller.


If this is not working for you, can you paste me the output of "sh mobility summary"?


HTH


Ankur


*Pls rate all helpful posts

Rajesh Kongath Tue, 10/23/2007 - 07:38

Thanks Ankur, please find the command output that you requested.


Controller 1:

(WLC-ITC1) >show mobility summary

Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Disabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... ITCMOBGROUP
Mobility Keepalive interval...................... 10
Mobility Keepalive count......................... 3
Mobility Group members configured................ 2

Controllers configured in the Mobility Group
MAC Address        IP Address     Group Name   Status
00:18:ba:49:75:60  10.17.211.15   ITCMOBGROUP  Up
00:18:ba:49:77:a0  10.17.209.15                Up


Controller 2:

Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Disabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... ITCMOBGROUP
Mobility Keepalive interval...................... 10
Mobility Keepalive count......................... 3
Mobility Group members configured................ 2

Controllers configured in the Mobility Group
MAC Address        IP Address     Group Name   Status
00:18:ba:49:75:60  10.17.211.15                Up
00:18:ba:49:77:a0  10.17.209.15   ITCMOBGROUP  Up


Could you please confirm the configuration is correct or not?


thanks


raj
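
Added example (not part of any post in this thread, and not Cisco code): a small Python check that does by script what the reply below does by eye, comparing the two `show mobility summary` outputs pasted above for the same mobility domain, the same MAC/IP member pairs on both controllers, and every member Up. The function names `parse_summary` and `compare` are hypothetical; the sample text is the thread's output trimmed to the lines the check reads.

```python
import re

# Output from the post above, trimmed; the Group Name column is blank where the post shows none.
WLC1 = """\
Default Mobility Domain.......................... ITCMOBGROUP
Mobility Group members configured................ 2
MAC Address IP Address Group Name Status
00:18:ba:49:75:60 10.17.211.15 ITCMOBGROUP Up
00:18:ba:49:77:a0 10.17.209.15 Up
"""
WLC2 = """\
Default Mobility Domain.......................... ITCMOBGROUP
Mobility Group members configured................ 2
MAC Address IP Address Group Name Status
00:18:ba:49:75:60 10.17.211.15 Up
00:18:ba:49:77:a0 10.17.209.15 ITCMOBGROUP Up
"""
MAC = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)
FIELD = re.compile(r"^(.+?)\s*\.{2,}\s*(.+)$")  # "Name....... value" lines

def parse_summary(text):
    """Return (fields, members) parsed from 'show mobility summary' text."""
    fields, members = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 3 and MAC.match(tok[0]):
            # A row with a blank group name has 3 tokens instead of 4.
            group = tok[2] if len(tok) >= 4 else None
            members[tok[0].lower()] = {"ip": tok[1], "group": group, "status": tok[-1]}
        elif (m := FIELD.match(line.strip())):
            fields[m.group(1)] = m.group(2)
    return fields, members

def compare(a_text, b_text):
    """List inconsistencies between two controllers' summaries (empty = consistent)."""
    (fa, ma), (fb, mb) = parse_summary(a_text), parse_summary(b_text)
    problems, key = [], "Default Mobility Domain"
    if fa.get(key) != fb.get(key):
        problems.append(f"domain mismatch: {fa.get(key)} vs {fb.get(key)}")
    for name, f, m in (("A", fa, ma), ("B", fb, mb)):
        if str(len(m)) != f.get("Mobility Group members configured"):
            problems.append(f"{name}: member rows do not match configured count")
        problems += [f"{name}: {mac} is {e['status']}" for mac, e in m.items() if e["status"] != "Up"]
    pairs_a = {(mac, e["ip"]) for mac, e in ma.items()}
    pairs_b = {(mac, e["ip"]) for mac, e in mb.items()}
    for mac, ip in sorted(pairs_a ^ pairs_b):
        problems.append(f"{mac} / {ip} not listed identically on both controllers")
    return problems
```

`compare(WLC1, WLC2)` returns an empty list for the output in this thread; a member that is not Up, or a MAC/IP pair present on only one controller, appears as an entry in the list.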


ankbhasi Tue, 10/23/2007 - 07:42
User Badges:
  • Cisco Employee,

Hi Raj,


Your config and output make me believe your mobility should work fine. Is your AP fallback not working?


Regards,


Ankur

dennischolmes Tue, 10/23/2007 - 07:38
User Badges:
  • Gold, 750 points or more

Initial discovery of a controller is required for an AP to associate to a controller. After that, the AP learns the location of controllers within the mobility group. Maybe I was a little confusing there.



Rajesh Kongath Tue, 10/23/2007 - 08:01

Thanks Dennis and Ankur... after restarting all the APs once again, it worked. I tested both ways and it's working fine. Thank you for helping me.


regards


raj


