WLC Mobility groups and fail-over

Dec 1st, 2008

I would like some clarification on the Mobility groups behaviors. We have 2 WLC 4402 (wlc-a and wlc-b) set up on the same DMZ and 30 APs connecting to the first one (wlc-a). We have set up the same mobility groups on both WLCs. AP failover between the WLCs works fine: if wlc-a disappears all APs go to wlc-b. But the connected clients suffer from this transition (using webauth, DHCP is provided by the WLC). We tried a couple of configuration options but are still facing the same issues at the end.

1- We tried to configure 2 different DHCP pools for the users. When wlc-a fails, APs move to wlc-b (good), but the client needs to negotiate a new IP and therefore loses any existing connections.

2- We tried to configure the same DHCP pool on both WLCs. Obviously this is not a good idea as you end up allocating the same IPs to different clients.

3- We tried to configure the same DHCP on both WLCs and created an anchor to wlc-a. This works fine if wlc-b fails; the transition is seamless for the clients. But not if wlc-a fails: wlc-b "refuses" to give an IP to the users.

I'm a bit puzzled by the problem and can't find what I'm missing. I was thinking that the two wlc would be able to provide (near) transparent failover for the clients (at least they should not have to get a new IP and reauthenticate).

dziminski Mon, 12/01/2008 - 11:10

I think option 2 is your best bet, but use an external DHCP server. That way your DHCP is independent of the controllers.

gamccall Mon, 12/01/2008 - 12:25

Yep. External DHCP is the way to go here. Make addressing completely independent of the controller infrastructure.

Take a look at www.infoblox.com if you're worried about your DHCP server being a single point of failure on your network. They make a very nice clusterable network services appliance.

dziminski Mon, 12/01/2008 - 12:27

Also, the controller allows for a primary and backup DHCP server address, so that works nicely with a clustered DHCP service.

Scott Fella Mon, 12/01/2008 - 12:42

If you fail over wlc-a so that the APs move to wlc-b, you will have webauth clients lose their connection and thus need to log in again. This is not transparent when a failover occurs. I have tried it a bunch of times to see if I can get this to work and no go. The same goes if you have guest anchor controllers in the DMZ and one of the guest anchors fails. Users will have to log in again or click accept if you are using passthrough.

DHCP depends on whether your users are placed in the DMZ... you don't want to open the FW. Usually, if you have a DMZ anchor controller, then using the WLC for DHCP is fine. Or you can place a DHCP server on the DMZ.

