Wireless Design - WLC Configuration

Unanswered Question
Mar 17th, 2009

Soon to be working on a design for a Wireless installation across one of our buildings. The wireless survey has been completed, and we'll be installing 175 APs, across the 3 floors of the building.

With regards to the back-end WLC setup, I have a few queries around the WLC configuration. We're looking at implementing the 4400 series of devices, and due to us having nearly 200 APs, we'll need at least 2 x 4404 or 4 x 4402 - I'm assuming it's simpler to have fewer devices to make management simpler.

Also, looking at the Cisco reference material, they recommend that a 4404 can support up to 100 APs. With regards to configuring the ports on the box, would I need to configure LAG across the WLC ports in order for it to accommodate all of the Access Points? If we were to go with a scenario of using 2 x 4404 devices, would we be in a position whereby if we lost a Controller, we'd lose all of the Access Points associated with that Controller? In order for us to have full resiliency, we'd need an additional 4404 controller for the APs to fail over to?

From a licensing perspective, we'll be purchasing a licence to cover 200 APs.

TIA

rduke Tue, 03/17/2009 - 10:19

When looking at redundancy options I kind of like the N+1 design. You don't have 1 to 1 redundant controllers, you basically have one spare and expect no more than one controller to fail at a time.

One design option that is relatively new is that you can designate the AP priority. I don't think that was an option before version 5.1. If you have a controller failure, and there are more APs than available controllers, at least your critical APs will stay connected. That may not work for your environment, but it is a good feature for me.

The only bad thing about the external controllers is that they take up a lot of switch ports for all the LAG connections.

Daniel Anderson Tue, 03/17/2009 - 10:40

Thanks for the reply. That was kind of the configuration I was looking at, going with 3 controllers - 2 controllers taking the load of all the Access Points, and a 3rd available in case of a WLC failure.

Looking at the LAG side of things, is that the best design option with regards activating the ports to enable the WLC to manage up to 100 Access Points? Is there an alternate solution people tend to use?

Leo Laohoo Tue, 03/17/2009 - 14:19

Hi Daniel,

Do you have a 6500 chassis? Have you considered using a WiSM?

Regarding the 4404, each of the SFP ports can support up to 48 APs (http://www.cisco.com/en/US/docs/wireless/technology/controller/deployment/guide/dep.html#wp1061736). So you might get away with getting one 4404-100 and configuring each port to support 48 APs.

Is your building connected over a WAN link? If so, you may want to consider H-REAP. One of the benefits I've noticed is that LAPs become semi-independent of the WLC. For example, when I took down the WLC for maintenance, the LAPs still operated normally rather than stopping wireless service while looking for a WLC to join.

Hope this helps.

Daniel Anderson Wed, 03/18/2009 - 08:25

The modular option is not something we're able to use. From a design perspective, we'll be implementing 4 x 4402, enabling us to manage a Max. of 200 APs. With the implementation of 170 APs, should we lose a WLC, we'll only lose a small No. of Access Points.

The Wireless configuration will be implemented across a LAN, there will be no WAN connectivity involved.

From a configuration perspective, to allow us to get full AP utilisation on each WLC, is it better to run with LAG, or create an AP Manager interface for each interface we'll be using on the WLCs? My preference at the moment is with LAG, as this seems to be the simpler/tidier method for implementation. Does anyone have any experience/feedback with either method?

Leo Laohoo Wed, 03/18/2009 - 15:58

Hi Daniel,

"From a design perspective, we'll be implementing 4 x 4402, enabling us to manage a Max. of 200 APs." < --- You mean 2 x 4404-100.

There are some pros and cons regarding creating multiple AP Manager interfaces. The major selling point for this is that each physical port can manage 48 APs. Therefore a 4404-100 can manage around 192 APs. The downside is redundancy. If a port should go down, the APs should go somewhere else.

I'm planning to deploy a 4404-100 this way (to support about 150 AP's) and for redundancy, I'm going to get a 4402-25.

Daniel Anderson Wed, 03/25/2009 - 09:21

"From a design perspective, we'll be implementing 4 x 4402, enabling us to manage a Max. of 200 APs." < --- You mean 2 x 4404-100.

No, due to us already having 2 x 4402-50, we'll simply be purchasing another 2 to house all 170 Access Points.

Going back to another point above, you mention that using AP-Manager on an interface, each interface is able to support a Max. of 48 APs, and thus a 4404 could support 192 Access Points. I was under the impression that a device (e.g. 4404-100) would only support a max of 100 Access Points regardless of the connectivity method used.

srosenthal Wed, 03/25/2009 - 10:06

The 4404-100 supports 100 APs max and to get the 100 you must use LAG.

If you do not use LAG, then your max AP count drops to, I believe, 96 total on the 4404-100.

Seth

mark.cronin Wed, 03/25/2009 - 10:13

Daniel

What will you be using the wireless network for?

Data Coverage Only?

VoWiFI?

Location tracking?

Guest Access?

I believe identifying the business requirement will help you decide on the level of resilience and future scalability.

You should take a look at the mobility validated design guides:

http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns741/networking_solutions_products_genericcontent0900aecd80601e22.html

Mark

sovath2008 Thu, 03/29/2012 - 15:53

We set up the 4404 model with about 60 APs. All works well except the mobile phone users, such as iPhone or Android phone users, can't access the internet. All laptop users have no problem.

Thanks for your help.

Good Day!

blakekrone Thu, 03/29/2012 - 19:51

Need more information about your setup. What model APs, what are the SSID settings? Do they get IPs from the DHCP server? Can they ping their gateway?

grabonlee Fri, 03/30/2012 - 03:40

In addition to the questions asked by blakekrone, are you using any machine authentication mechanism on your wireless network?

mike.sprinkle Fri, 03/30/2012 - 10:49

If you have the budget I would suggest the 5500 series controllers. The 4400 will not be supported past 7.0.220.0. The 5500 has flexible licensing and is capable of running the latest code and APs.

sovath2008 Fri, 03/30/2012 - 12:03

Blakekrone and Osita,

Thanks for your response. Mobile phone users get IPs from the Windows DHCP server, with the same settings as laptop users. We use [WPA + WPA2][Auth(PSK)] for security auth. with SSID disabled. Pretty much a simple setting. My coworker has an Android phone and he just tested by pinging the gateway and he got no response. But not for laptop Windows users. This is where I am lost.

Thanks guys.

grabonlee Fri, 03/30/2012 - 12:20

Sovath,

You have to clear up some issues based on your comments above, especially about pinging the gateway. So let's start with the basics:

1. Was layer 2 authentication successful with the phone, i.e. were you able to join the SSID with the phone?

2. If layer 2 authentication was successful, did the phone rx an IP address?

3. What are you trying to achieve by joining the WLAN with your phone? Internet browsing?

4. If internet browsing, do you use a proxy?

sovath2008 Fri, 03/30/2012 - 12:50

Osita,

Your question number 4 opened up the door. We do have a proxy server. I tested it by entering the proxy setting in my iPhone with authentication and it works. So now we just need to set up the proxy setting in the DHCP scope so phone users don't have to set it manually.

Thank you.

sovath2008 Fri, 03/30/2012 - 13:06

Oops! I still have a problem. The scope option does not allow setting the proxy setting. Is there a way to do that? For Android phones there's no way to set the proxy setting, but the iPhone does.

Sovath

Leo Laohoo Fri, 03/30/2012 - 14:56

"For android phone there's no way to set proxy setting! but iPhone does."

Yes and no. This is an ongoing issue with Android since it was first identified. The only way around Android OS and proxy is to get a browser that supports proxy such as Opera for Android.

As for iPhone and iPad, there's a particular proxy setting in iOS that has been broken since the introduction of iOS 5.0. We have a similar issue in that if proxy settings are enabled, the user will be prompted several times to enter their proxy username and password to the point of disbelief.

sovath2008 Fri, 03/30/2012 - 15:21

Do you think that the phone carrier changed the Android OS kernel and removed the proxy setting option before they sell it to consumers? If so, why would they do such a thing?

RE: iPhone and iPad users, if you use a Windows proxy server and integrated Windows authentication is enabled, the user should not be prompted for the credential if it's already entered in their devices. I don't use integrated Windows auth., so there's no prompt for credentials. It only needs the proxy IP and port number for manual setting. URL for auto.

Leo Laohoo Sat, 03/31/2012 - 16:38

"Do you think that the phone carrier change the Android OS kernel and removed the proxy setting option before they sell it to consumers? If it's so why would they do such thing?"

As far as I'm aware, no. Phone carriers don't care about wi-fi proxy. They won't make any money if they do and they equally won't make money if they don't. This "proxy" issue came straight from the developers of the Android OS themselves. It's been highlighted since day one of the Android release. This is why some browsers have incorporated proxy settings into their application, because the Android OS developers are not interested in fixing this shortfall.

"RE: iPhone and iPad users if you use Windows proxy server and intergrated Windows authentication is enabled the credential should not be prompted for user if it's already entered in their devices."

Unfortunately, I don't have the details with me right now but I'll try to see if I still have this information when I go back to work.

Posted March 17, 2009 at 9:53 AM