Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Bronze

N+1 redundancy + ap groups

Hello all,

I am running WLC 7.4.100.60 and want to complete the following scenario:

I have three controllers: A, B and BACKUP. Backup is N+1 backup controller of both A and B

A and B both contain a WLAN with different profile name but with same SSID for example SSID "OPEN"

When these APs failover to the same backup controller called BACKUP, i want to keep the IP and client separation on the OPEN SSID (they are not allowed to be joined on the same IP interfaces, because of a special application running on the clients that does configuration based on source ip address)

APs on controller A are put in AP group A on interface A, APs on controller B are put in AP group B on interface B

In theory, i should be able to create both WLAN profles (with different name but same SSID) on the backup controller, assign different interfaces to it (for example backup int A to A, backup int  B to B), assign the SSIDs to different AP groups on the backup controller (A and B).

Then when APs failover to the backup controller, they will associate, they will keep their AP group and based on the AP group, they will run the OPEN SSID either on backup int A or backup int B.

So in theory, this should work.

However, when i want to configure this on my controller, the controller won't let me activate the second WLAN (even if it has a different wlan profile name, is assigned to a different interface and a different AP group), because he gives me the error message:

"The following errors occurred while updating the WLAN: WLAN with duplicate SSID and L2 security policy found".

If a duplicate SSID exists, but the wlan profile is assigned to a different AP group and interface, why wouldn't i be allowed to create two active profiles ?

An AP can only be part of one AP group, so it can only run one of these two WLAN profiles....

regards,

Geert

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: N+1 redundancy + ap groups

From what I recall from another post, you would need the second SSID to have a WLAN ID of 17 or greater to be able to duplicate the layer 2 encryption method. If you keep the WLAN ID from 1-16, you are not allowed to have the same SSID with the same layer 2 encryption method.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
2 REPLIES
Hall of Fame Super Silver

Re: N+1 redundancy + ap groups

From what I recall from another post, you would need the second SSID to have a WLAN ID of 17 or greater to be able to duplicate the layer 2 encryption method. If you keep the WLAN ID from 1-16, you are not allowed to have the same SSID with the same layer 2 encryption method.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Bronze

Re: N+1 redundancy + ap groups

I just realised my question is rather stupid. The solution to the problem is: you just need to create the WLAN profile only once. Then within the different AP groups definition, you assign the same WLAN profile to two different interfaces and then it works perfectly !

The only problem i noted was that if the two SSID are the same, but the pre-shared keys are different for example, this doesn't work (as the password would be the same for both A and B clients).

To solve this, the trick of Scott above works ! You create the second WLAN with id > 16 and then you can enable them both and assigne them to different AP groups. Thanks Scott.

regards,

Geert

183
Views
0
Helpful
2
Replies
CreatePlease to create content