
New Member

controller failover for different controllers

Hi,

I have 3 existing controllers with different models, capacities, versions and configurations. I have purchased a new controller that supports 100 APs.

Let's say WLC_A has a capacity of 25 APs and caters 20 APs, WLC_B has a capacity of 12 APs and caters 12 APs, WLC_C has a capacity of 50 and caters 30 APs. The new WLC, WLC_NEW, has a capacity of 100 and will only have 18 APs registered to it.

What will be the requirement for me to have WLC_A, WLC_B, WLC_C fail over to WLC_NEW, given that all the old WLCs have different versions and configurations? We are trying to make this as HA as possible.

1 ACCEPTED SOLUTION

Accepted Solutions

controller failover for different controllers

Try different profile names with the same SSID and different security types.

When creating a WLAN with the same SSID, follow these guidelines and requirements:

• You must create a unique profile name for each WLAN.

• When multiple WLANs with the same SSID get assigned to the same AP radio, you must have a unique Layer 2 security policy so that clients can safely select between them.

Thanks

NikhiL

34 REPLIES

controller failover for different controllers

Hi,

For HA to work, all the failover WLCs need to be on the same build and same config. If you have some specific configuration for each AP in the different WLCs, you can try AP groups.

Thanks

NikhiL

New Member

controller failover for different controllers

Hi Nikhil,

I was also looking at AP groups as a solution, but the thing is each location has a different SSID, and for that I can re-create those SSIDs on WLC_NEW. But for example, if one SSID from WLC_A is the same on WLC_B but has different security, how can this be done? I believe AP grouping will associate with the same SSID, and thus should have the same security for each client. As further information, my scenario is as below:

WLC_A

SSID: TEST_A

Security: WEP

SSID: Guest

Security: none

WLC_B

SSID: TEST_B

Security: WPA_PSK

SSID: Guest

Security: web auth

WLC_C

SSID: TEST_C

Security: WEP

SSID: Guest

Security: WPA_PSK

The Guest SSID is common on each WLC but has different security and different VLAN and IP addressing on each site.

controller failover for different controllers

Try different profile names with the same SSID and different security types.

When creating a WLAN with the same SSID, follow these guidelines and requirements:

• You must create a unique profile name for each WLAN.

• When multiple WLANs with the same SSID get assigned to the same AP radio, you must have a unique Layer 2 security policy so that clients can safely select between them.

Thanks

NikhiL

New Member

controller failover for different controllers

One more thing: how about the VLANs?

WLC_A

SSID: Guest

Security: none

VLAN: 20 SW_A  

WLC_B

SSID: Guest

Security: web auth

VLAN: 40 SW_B

WLC_NEW

SSID: Guest

Security: WPA_PSK

VLAN: 20 SW_NEW

My question here is about the VLANs. SSID Guest on WLC_A is on VLAN 20, on WLC_B it is on VLAN 40, and what is available for the guest network on my new network is just VLAN 20 also. If all the APs fail over, where do my AP clients associate their VLAN? Is it on their respective switch or on SW_NEW, where my new controller is attached? Does switching happen on the local switches where the APs are connected? I ask because SW_NEW does not have VLAN 40, and WLC_A's and WLC_NEW's Guest SSIDs are both on VLAN 20.

controller failover for different controllers

If the AP fails over, clients will get an IP address from the respective WLAN interface in the new WLC it joins.

Do you have the same VLAN with different IP addresses, say VLAN 40 in wlc_A with one IP range, and VLAN 40 in wlc_new with another IP range?

Thanks

NikhiL

New Member

controller failover for different controllers

Yes, I have the same VLAN 40 but a different IP range and a different part of the network, which traverses the WAN.

And just for verification, I need to have the same version of OS on all my WLCs, right?

Hall of Fame Super Silver

Re: controller failover for different controllers

Yes, you should, or else your APs will have to downgrade or upgrade depending on which WLC they connect to.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

controller failover for different controllers

Hi Scott,

Thanks for the verification. How about the VLAN question?

Hall of Fame Super Silver

Re: controller failover for different controllers

It's fine... If an AP moves to a different WLC (failover for example), the users will obtain a new IP address from the location where the WLC resides.

Users will not keep their IP address.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

controller failover for different controllers

Hi Scott,

So if, for example, wlc_A has vlan_10 with an IP address of 10.10.10.0 /24,

then when it transfers to wlc_B with vlan_10 of 20.20.20.0 /24, the client will get an IP address of 20.20.20.X?

Hall of Fame Super Silver

Re: controller failover for different controllers

Yes you are right.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

controller failover for different controllers

Let me try to explain this a little better. If you have the following like you posted earlier, and all these WLCs are located in the same building and you have mobility between the two, then when a user roams from one WLC to another, it will break and the user will have a hard time accessing the SSID. This is because you changed the security method. You can't apply multiple security profiles on a client.

WLC_A

SSID: Guest

Security: none

VLAN: 20 SW_A

WLC_B

SSID: Guest

Security: web auth

VLAN: 40 SW_B

WLC_NEW

SSID: Guest

Security: WPA_PSK

VLAN: 20 SW_NEW


What you need to do is define your wireless requirements (SSID & security method). You want the same SSID to have the same security method, and preferably have the dynamic interfaces on the same subnet if you're L2 to the access.

This is how you should have guest, as an example. All the WLCs should be in the same mobility group!

WLC_A

SSID: Guest

Security: WebAuth

VLAN: 20 SW_A

10.20.10.20/24

WLC_B

SSID: Guest

Security: WebAuth

VLAN: 20 SW_B

10.20.10.21

WLC_NEW

SSID: Guest

Security: WebAuth

VLAN: 20 SW_NEW

10.20.10.22

This setup will allow users to roam from one WLC to another seamlessly.

-Scott
*** Please rate helpful posts ***
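
An added example, not part of any post in the thread: a small Python check that compares each existing controller with the intended failover target on the points raised in the replies (software version, SSID presence, security type per SSID, worst-case AP count). The inventory is constructed from the values posted in the thread; the version strings are placeholders because the thread does not give them, and `audit_failover` is a hypothetical helper name.

```python
# Constructed inventory taken from the values posted in the thread.
# The thread gives no software versions, so the strings below are placeholders.
CONTROLLERS = {
    "WLC_A": {"version": "placeholder-1", "capacity": 25, "aps": 20,
              "wlans": {"TEST_A": "WEP", "Guest": "none"}},
    "WLC_B": {"version": "placeholder-2", "capacity": 12, "aps": 12,
              "wlans": {"TEST_B": "WPA_PSK", "Guest": "web auth"}},
    "WLC_C": {"version": "placeholder-3", "capacity": 50, "aps": 30,
              "wlans": {"TEST_C": "WEP", "Guest": "WPA_PSK"}},
    "WLC_NEW": {"version": "placeholder-3", "capacity": 100, "aps": 18,
                "wlans": {"Guest": "WPA_PSK"}},
}


def audit_failover(controllers, backup):
    """Return (controller, check, detail) findings for failing over to backup."""
    target = controllers[backup]
    findings = []
    for name, wlc in sorted(controllers.items()):
        if name == backup:
            continue
        # APs have to upgrade or downgrade when the joined WLC runs another build.
        if wlc["version"] != target["version"]:
            findings.append((name, "version",
                             f"{wlc['version']} != {target['version']}"))
        for ssid, security in sorted(wlc["wlans"].items()):
            if ssid not in target["wlans"]:
                # The WLAN would not be served after failover.
                findings.append((name, "missing-ssid", ssid))
            elif target["wlans"][ssid] != security:
                # Clients configured for one security type meet another.
                findings.append((name, "security",
                                 f"{ssid}: {security} != {target['wlans'][ssid]}"))
    # Worst case: every other controller fails and all APs join the backup.
    total_aps = sum(wlc["aps"] for wlc in controllers.values())
    if total_aps > target["capacity"]:
        findings.append((backup, "capacity",
                         f"{total_aps} APs > capacity {target['capacity']}"))
    return findings


if __name__ == "__main__":
    for controller, check, detail in audit_failover(CONTROLLERS, "WLC_NEW"):
        print(f"{controller:8} {check:13} {detail}")
```
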
New Member

Re: controller failover for different controllers

Hi Scott / Nikhil,

You are mostly correct, but the problem is this setup is already established. Since site_A has the same VLAN 20 but a different IP (10.10.10.X) from site_NEW, which has VLAN 20 (20.20.20.X), this has been the real challenge. Nikhil was correct too: I can create multiple profiles, so if a client has a different configuration for security and a similar SSID, then they can still connect with this SSID. But if they have the same security and same SSID but a different VLAN IP range, that will be my problem.

Another problem will be that if the WLC fails over and has a different IP, most probably the routing of this traffic will pass through the gateway of the new site.

Is there a way that even if the WLC fails they will still use the local LAN in which the APs were connected?

Hall of Fame Super Silver

Re: controller failover for different controllers

Maybe you should look at H-REAP. Using H-REAP will dump traffic local to that site, and thus your DHCP is local and users will keep their IP address.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: controller failover for different controllers

What you should have done was get a redundant WLC for each site. That would make things much easier for you. Failing over to a WLC located at a different location will require your devices to obtain a DHCP address from that site. There is no way you can have users keep their IP address if the AP joins a different WLC in a different location, as in your situation.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: controller failover for different controllers

Hi Scott,

So there is no way to get this done even if I use H-REAP and even if the WLCs are in one single domain?

Hall of Fame Super Silver

Re: controller failover for different controllers

Well, since you have the same SSID name but different security methods at each location, you will not be able to make it work how you want to. To keep your current setup, you need a WLC as a backup at each location. If you keep your SSID and security method the same, H-REAP would work, because you map the SSID to a local VLAN.

Take a look at the H-REAP guide

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: controller failover for different controllers

Hi Scott,

If, for example, I synchronize all sites' SSIDs to the same name and same security, can H-REAP work using each site's local VLANs? I'm having a little difficulty understanding the local switching described for H-REAP. Does that mean that I will still be able to use the local VLAN interface on site_A even if my LAPs join on site_NEW?

Hall of Fame Super Silver

Re: controller failover for different controllers

Were you able to get things to work correctly?

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

controller failover for different controllers

The client will get the IP address based on the WLAN interface.

Thanks

NikhiL

Hall of Fame Super Silver

Re: controller failover for different controllers

H-REAP allows you to map your SSID to a local VLAN. When you have H-REAP local switching enabled on your WLAN SSID and your AP is in H-REAP mode, you have the option on the AP under the H-REAP tab to define the native VLAN for that AP and then the VLAN mapping for each SSID you have enabled H-REAP local switching for. It doesn't matter what WLC the AP has joined, but you need to make sure that each WLC that is either the secondary, tertiary or might possibly be joined is set up the same way.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: controller failover for different controllers

Hi Scott,

I have tried to configure H-REAP, but the problem is I cannot get an IP from my local DHCP server. I have tried several combinations of enabling H-REAP, but as soon as I enable "H-REAP local Switching" on WLAN>Advanced, clients lose their IP addresses, and even if I release/renew or even turn my WiFi off and on, I still cannot get an IP address from my DHCP.

controller failover for different controllers

Did you do VLAN mapping in the H-REAP page of the AP?

New Member

controller failover for different controllers

Yes, I have done that. But once I have enabled "H-REAP local switching", the client suddenly loses its IP.

controller failover for different controllers

Have you enabled trunking on the switch port to which the AP is connected?

New Member

Re: controller failover for different controllers

Hi Nikhil,

I already put the switch on trunk and I had no VLAN restriction. I have set it up in a lab environment, so my switch is also the DHCP server. I have made sure that it is reachable on the other side of the network behind my WAN.

Hall of Fame Super Silver

Re: controller failover for different controllers

Do you have an ip helper on your wireless interface and can you make sure the dhcp scope is active?

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: controller failover for different controllers

Yes, I have an IP helper on my switch VLAN interface and also a DHCP address on the wireless interface. How do you put an IP helper address on the WLAN interface? Is it the DHCP field on the WLAN interface config page?

Hall of Fame Super Silver

Re: controller failover for different controllers

There is no ip helper on the WLAN interface. You have the ip helper on the L3 interface and you also have the dhcp specified on the WLC interface so you are okay then.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***