What is the difference between a Primary WLC and a Primary Backup WLC?

Unanswered Question
Mar 12th, 2009


Reading about WLC high availability, in this doc:


What is the difference between the Primary/Secondary/Tertiary controller, and the Primary Backup/Secondary Backup controller?

Its not clear from the doc what the functional difference is between the two types.

Thanks in advance.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dennischolmes Thu, 03/12/2009 - 11:40

This is the order in which an AP fails over to another controller in the event it loses the controller it is attached to. The AP will always look for the master controller first, then the primary , then the secondary, then the tertiary, then the least congested available controller on the network. So, if the primary controller fails then the AP reboots and looks for a master (which is only used for configurations and should normally be turned off) then since the primary is down it will register with the secondary. Once the primary comes back online the APs see the primary back online and restart the discovery process and reassociate with the primary. During this process there is a service interuption. Priority can now be assigned to certain APs in critical areas to insure they are the first to come back online.

Nigel Bowden Thu, 03/12/2009 - 11:48


Thanks, but the document draws a distinction between a :

1. a primary controller

2. a promary backup controller.

The failover order in the doc is :

1. primary

2. secondary

3. tertiary

4. primary backup controller

5. secondary backup controller

So, I wonder what is the difference between #1 and #4 in this list?


dennischolmes Thu, 03/12/2009 - 11:53

Backup controllers are controllers that by design are part of the N+1 or N-N redundancy factor. Backup controllers normally would have no APs associated to them and would be used in the data center or in centralized points to provide redundancy for the network if there is a failure of the primary, secondary, and tertiary. Since the backup has no APs on it then the AP would see the primary and secondary backups as least congested available and would associate to those. If across a wan link then of course performance would suffer and this is not the desirable permanent fix, only a temporary one until a local controller can be brought back online. Make sense?

Nigel Bowden Thu, 03/12/2009 - 12:02

So, a secondary with no APs is the same as a primary backup?

In the WLC config, I see fields for primary/secondary/tertiary controllers, but no fields for primary backup or secondary backup.

Thanks for the info, hope you don't think I'm laboring a point - I'm not sure I've totally got it.

The primary backup would still have to be in the same mobility group to have the AP configs - right?


dennischolmes Thu, 03/12/2009 - 13:06

Primary backup and secondary backup are really just names assigned to least congested n+1 or n to n backup controllers on the network as backups to the primary, secondary, and tertiary. These three are actual parts of the machine state when in an lwapp discovery process.

Leo Laohoo Thu, 03/12/2009 - 16:57

Before the High Availability feature firmware (pre 5.1 code), it used to be called Primary/Secondary/Tertiary controller and you have to manually configure this using CLI on a per-AP basis.

With the advent of the HA feature, you just type the Primary Backup/Secondary Backup and this setting (name and IP Addresses of the controller) will be propagated to all your AP.

Does this help?

Leo Laohoo Sun, 03/15/2009 - 20:28

In light of this, please be aware of CSCsy29900 bug (5.2 global backup-primary and backup-secondary settings don't take.):

"config advanced backup-controller.." or in the GUI Wireless>>All APs>>Global Configuration...the back-up primary/secondary controller settings don't take from both the GUI and CLI.

Conditions: controller trying to setup the Back-up Primary and Back-up Secondary configuration. Settings don't show as being applied to the AP after entering the info from the GUI or CLI.


Go into each AP individually under Wireless>>All APs and set the primary/secondary there.

dimitrirosas Tue, 04/21/2009 - 12:39

I was just wondering if you guys can explain me. WHat if i just have only one controller, is already in prodution with Aps associated to it, but suddenly it fails, is the only one i have. This it means that my Aps will stop working or there is a fail mode for this??

rob.huffman Tue, 04/21/2009 - 13:02

Hi Dimitri,

With a single "stand-alone" WLC there is no failover capabilities. This is why Cisco recommends the N+1 WLC build for WLC deployments :)

Hope this helps!


Leo Laohoo Tue, 04/21/2009 - 14:08

Hi Dimitri,

Rob's correct. LWAP AP's are very dependent on the WLC because all the config and "smarts" happen right there.

However, there's a small loophole into this. It's called H-REAP. I've tested this and when I bring the WLC down for maintenance, I was still able to use the WLAN. The exception-to-the-rule is this: When you have the WLC operating in H-REAP and your WLC goes down, make sure your AP's don't get rebooted.

Hope this helps.

dimitrirosas Tue, 04/21/2009 - 15:03

Thak You Rob & Leo

I read somewhere what Leo wrote here, i just was wondering what the implications of having your local APs in H-REAP mode are, if there are some implications.


Best Regards

Leo Laohoo Tue, 04/21/2009 - 15:54

Hi Dimitri,

Unfortunately, I am unable to determine what you have in your network. You will need to test this method in your lab so you'll know if it's feasible or not. Another option is to configure a unique SSID and an AP for H-REAP and observe for yourself.

If you are using Network Admission Control (NAC), it won't work.

H-REAP Modes of Operation Configuration Example


H-Reap Design and Deployment Guide


JOHN SAINATO Thu, 08/12/2010 - 11:30

So for those of us that are really thick... If I have 2 controllers WLC1 and WLC2 and I want WLC2 to be the secondary controler for ap fail over. Do I configure it as the Back-up Primary Controller on WLC1?


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode