Cisco Support Community
New Member

AP Failover between controller on layer 3 network

Hi, I need to configure AP failover between controllers that reside on different IP subnets.

I understand how this operates when the controllers reside on the same network subnet and also how to configure the controllers to perform failover.

However, I have a requirement for failover between two controllers that reside on different subnets.

The following example scenario may explain my requirements further:-

I have a total of 4 controllers in my network - 3 in operation and 1 hot standby. It is intended that the hot standby will be a backup for the other 3 operational controllers with the intention that only 1 of the operational controllers will fail at any one time. Each of the 3 operational controllers has a full complement of APs registered serving multiple sites. These sites use local vlans (which use the same vlan numbers per network), i.e. site X on controller 1 uses vlan 200, site Y on controller 2 uses vlan 200 and site Z on controller 3 uses vlan 200. There is also a future requirement that each site will broadcast multiple wlans, i.e. every site will broadcast the 'education' ssid and also the 'corporate' ssid - this requirement will involve the use of AP groups being configured on the controller.

Therefore, given the above scenario, if one of the operational controllers was to fail and the registered APs fail over to the hot standby, then how do the APs know which AP group they should be a member of in order to continue client connectivity, once they have registered with the hot standby controller, if this controller is configured with multiple dynamic interfaces for the three operational controllers?


Hall of Fame Super Gold

Re: AP Failover between controller on layer 3 network

Hi Scott,

Let me get your issue correctly. You have 3 active and 1 standby WLC and you want the AP's to know where to go when the active dies, is this correct?

Depending on the firmware you are running, if you go to the main page, choose All APs (I'm doing this all by memory). Choose the AP you want and in one of the tabs, it will allow you to enter your Primary, Secondary and Tertiary controllers.

As I said, depending on your firmware codes. Firmware codes from 5.X to the latest will allow you to enter the WLC name and IP Address. If you have 3.x and 4.x, don't bother filling up the details as there is a known bug. You'll have to do this by CLI.

The command is "config ap general primary" or secondary or tertiary controller and just follow the bouncing ball.

Hope this helps.


Re: AP Failover between controller on layer 3 network

To touch on the AP Group question...


WLC1 consists of AP Group A,B,C

WLC2 consists of AP Group D,E,F

WLC3 consists of AP Group G,H,I

Then, you will want to make sure you define AP Groups A-I on the backup controller. As long as the new controller has the same group name as the previous controller, it is my understanding that the AP should still configure off that group.

Now, what I fail to understand is what you mean by site X, Y and Z all using the same vlan 200. If the backup controller is located elsewhere, you're not going to be able to put clients in vlan 200 anywhere but at the backup controller. UNLESS you are doing HREAP. If you are doing HREAP, then it is 100% crucial that you make sure all WLANs are on ALL controllers in the exact same order.
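
An added example, not part of the original thread: a small Python check of the two conditions raised in the reply above, that each AP's group also exists on its secondary controller and, for HREAP, that the WLAN list is in the same order on both. The inventory dictionaries, controller names and AP names are constructed for illustration; the group letters and SSIDs follow the thread.

```python
"""Pre-failover consistency check (added example; the data model is hypothetical)."""


def check_failover(controllers, aps, hreap=False):
    """Return a sorted list of findings; an empty list means no mismatch was found.

    controllers: name -> {"ap_groups": set of group names,
                          "wlans": list of SSIDs in WLAN-ID order}
    aps: list of {"name", "group", "primary", "secondary"}
    """
    findings = set()
    for ap in aps:
        for role in ("primary", "secondary"):
            wlc = controllers.get(ap[role])
            if wlc is None:
                findings.add(f"{ap['name']}: {role} controller {ap[role]!r} not in inventory")
            elif ap["group"] not in wlc["ap_groups"]:
                findings.add(f"{ap['name']}: AP group {ap['group']!r} missing on {role} {ap[role]}")
        pri = controllers.get(ap["primary"])
        sec = controllers.get(ap["secondary"])
        # The thread's HREAP condition: same WLANs, in the same order, on both.
        if hreap and pri and sec and pri["wlans"] != sec["wlans"]:
            findings.add(f"WLAN order differs between {ap['primary']} and {ap['secondary']}")
    return sorted(findings)


# Constructed inventory: the backup lacks group I and has its WLANs swapped.
WLANS = ["education", "corporate"]
CONTROLLERS = {
    "WLC1": {"ap_groups": {"A", "B", "C"}, "wlans": WLANS},
    "WLC2": {"ap_groups": {"D", "E", "F"}, "wlans": WLANS},
    "WLC3": {"ap_groups": {"G", "H", "I"}, "wlans": WLANS},
    "BACKUP": {"ap_groups": set("ABCDEFGH"), "wlans": ["corporate", "education"]},
}
APS = [
    {"name": "ap-x", "group": "A", "primary": "WLC1", "secondary": "BACKUP"},
    {"name": "ap-z", "group": "I", "primary": "WLC3", "secondary": "BACKUP"},
]

if __name__ == "__main__":
    for line in check_failover(CONTROLLERS, APS, hreap=True):
        print(line)
```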

New Member

Re: AP Failover between controller on layer 3 network

Hi and thanks for the responses. I'm not sure I have explained my requirements clearly enough; therefore, I have attached a simple network diagram showing the current network topology. Basically there are currently 3 production controllers that are fully populated with APs. In addition there is 1 hot standby controller. Each of the edge sites connected to the production controllers uses the same local vlan numbers for the wlans, i.e. school X on production controller 1 uses vlan 200 for the corporate wlan; in addition, school Y on production controller 2 also uses vlan 200 for the corporate wlan. These vlans are only locally significant; they do not extend to the wan beyond the production controller that the edge site is connected to.

Therefore, what I want to know is, is it possible to configure the hot standby controller in a way so that should any ONE of the three production controllers fail, the APs fail over to it and continue operation?

I would like to configure the hot standby controller with the same numbers as used on the production controllers i.e. 200/300. In addition, with a new subnet range. Therefore, if school X on production controller 1 had to fail over to the hot standby controller it would still use vlan 200 for corporate and vlan 300 for guest and clients would get an ip address from the and networks. Likewise, if school Y on production controller 2 failed over to the hot standby it would also use vlans 200/300 and clients would get an ip address from the and networks depending which ssid they associated to.

If the above scenario is possible then how do you configure AP groups on the hot standby controller for the above to work, because a single AP group on the hot standby has to effectively deal with 3 production controllers?


Hall of Fame Super Gold

Re: AP Failover between controller on layer 3 network

When you configure the Primary/Secondary/Tertiary Controllers on each of the APs, during the failover, the APs will maintain the same IP address.

You can test this by telling the AP to join to the backup controller using the command "config lwap ap general primary".

Have you tried using H-REAP? One thing I like about H-REAP is when your primary controller fails, the APs just chug along as if the controller never failed. Just make sure the APs are not re-started.

New Member

Re: AP Failover between controller on layer 3 network

H-REAP would make some sense in this scenario. But, you have a backup controller, so we need to use it :)

First off, looking at your diagram, I don't understand what AP Groups are really doing for you. Since the APs are associated to their local controller, they will use the local controller's VLANs that are associated to each of those SSIDs. If you had APs on a controller that needed to have different interfaces/VLANs for the same SSID on that one controller, then AP groups would come into play. Since this doesn't appear to be the case, I would get rid of the AP Groups. Then, for each AP, just configure the local controller as primary and the backup as secondary. As long as they are in the same mobility group, they should fail over fine. On the backup controller, map each SSID to the interface you want to use at the central site.
