cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6421
Views
10
Helpful
16
Replies

Two WLC 5508 Anchor High Availability

Hello.

It's possible use 2 WLC 5508 en ANCHOR MODE in a Active-Active scenario?.

For example, if one WLC get down of service, the other one keep provide service to the anchor clients?.

In this moment we have just one WLC 5508 in Anchor Mode. What i need to configure a ANCHOR high Availability.

Thanks A lot!!!

4 Accepted Solutions

Accepted Solutions

Scott Fella
Hall of Fame
Hall of Fame

You can have redundant WLC as anchors but if an anchor fails, the user will need to log back in.

There is an HA feature on the WLC but it's mainly for foreign WLC redundancy not anchor redundancy. With multiple guest anchors the foreign WLC will load balance between the two. You will not be able to set a primary or backup.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Well... the anchor WLC should have a mobility to the foreign WLC(s) not really to each other.  The foreign WLC(s) will have mobility to each of your guest anchors... hope that makes sense:)  The mobility group for the anchors should be different than the foreign..... this is best practice.

To build redundancy for anchors, its the mobility anchor you configure and the auto anchor on the WLC to point to each guest anchor.  You would configure the anchors separately.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

If you implement two guest anchors, then you need to split the dhcp scopes between the two.  If you don't, then you will get duplicate ip address.  There is no failover option when you implement two guest anchors as the foreign wlc will load balance between the two guest anchors.  Unless the second guest anchor is not connected and you will connect it when the first one fails, but I would just put both in place and split the dhcp scope.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

ah okay... then you should be fine:)

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

16 Replies 16

Scott Fella
Hall of Fame
Hall of Fame

You can have redundant WLC as anchors but if an anchor fails, the user will need to log back in.

There is an HA feature on the WLC but it's mainly for foreign WLC redundancy not anchor redundancy. With multiple guest anchors the foreign WLC will load balance between the two. You will not be able to set a primary or backup.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Thanks Scott Fella!.

I understood clearly the Anchor redundancy.

I just need to reply the configuration of the first WLC ANCHOR to the new WLC ANCHOR to apply this redundancy?

Thanks Again.

Well... the anchor WLC should have a mobility to the foreign WLC(s) not really to each other.  The foreign WLC(s) will have mobility to each of your guest anchors... hope that makes sense:)  The mobility group for the anchors should be different than the foreign..... this is best practice.

To build redundancy for anchors, its the mobility anchor you configure and the auto anchor on the WLC to point to each guest anchor.  You would configure the anchors separately.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Thanks a lot for your help.

i have a doubt about the DHCP.

The Anchor WLC is the DHCP server of one WLAN for guest.

If we install a second Anchor WLC, what you recommend about the DHCP server in a failover event, because this second ANCHOR WLC will have the same configuration of the firts anchor wlc.

Thanks!!

If you implement two guest anchors, then you need to split the dhcp scopes between the two.  If you don't, then you will get duplicate ip address.  There is no failover option when you implement two guest anchors as the foreign wlc will load balance between the two guest anchors.  Unless the second guest anchor is not connected and you will connect it when the first one fails, but I would just put both in place and split the dhcp scope.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Thanks a lot for your help!!!

This is confusing to me:

If we install a second Anchor WLC, what you recommend about the DHCP server in a failover event, because this second ANCHOR WLC will have the same configuration of the firts anchor wlc.

What do you mean the two will have the same configuration?  The hostname and ip should be different.... or are you just stating that the WLAN and DHCP will be the same?  I don't want to tell you something and break your environment, so just trying to clear things up.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

I mean about the WLAN and DHCP, this new ANCHOR WLC have other IP address and hostname.

The ssid will be the same in both anchor wlc, just the only difference is the dinamic interface right? Because each anchor controllers needs a different interface for the ssid anchored ( example  Anchor1 192.168.1.2  Anchor2 192.168.1.3) in the same subnet if i use the splitted DHCP.

ah okay... then you should be fine:)

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Hello Scott,

I am doing this kind of configuration with 2 WLCs 5520 on the LAN infrastructure (they will be in HA) and 2 WLCs 5520 in the DMZ as anchor and we would like to have some redundancy with the anchor WLCs also. I read your discussion with Jorge and i still have some points that are not clear for me...

- Why the mobility group for the anchor and foreign should be different ?
- What do you mean by if the anchor WLC fails the user will need to log back in ?

Thanks,

-Alex-

The reason for the mobility group to be different is best practice. It is so that the AP's will not know about the WLC in the DMZ. Now you can keep everything in the same mobility group if you want, but I do not do it that way.  The state of the device is tied to one of the controllers so if you have an actor controller go down, then the tunnel breaks and the foreign controller needs to now anchor the device to the other anchor controller.  Same situation with two foreign controllers in an N+1 design. 

Hope this helps.

-Scott

-Scott
*** Please rate helpful posts ***

Ok thank you Scott,

What would you do if you would have 2 WLC's in the LAN and 2 WLC's in the DMZ ? Would you configure HA for the DMZ WLC's ?

When you have a HA between 2 WLC's in the DMZ, there will be downtime if 1 of the DMZ WLC  go down , right ?

Also , i read a document where it's mentionned the guest anchor priority : http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/configuration-guide/b_cg81/b_cg81_chapter_010011000.html#ID568

Is it related to the ha anchor WLC's ?

regards,

-Alex-

I personally would keep two guest anchors separate to allow the foreign controllers to load balance anchored traffic to either guest anchors.  If one of the guest anchors goes down, yes your guest users would have to login again, but it's guest users. This really shouldn't be an issue to be honest. 

-Scott

*** Please rate helpful post ***

-Scott
*** Please rate helpful posts ***

Hi Scott, 

I am in a similar situation where I can either HA two anchor controllers in the DMZ or have them run as N+1. Your personal preference is two guest anchors (N+1). My question is whether the HA anchor controller design is supported ? It will have the advantage that a wireless user (guest, byod, other termination in the dmz) will not need to re-auth which he will be forced to do in the N+1 anchor wlc design. Client SSO works on foreign wlc, does it work on anchor wlc too ?

Thanks, 

Rick.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: