Cisco Support Community
New Member

Failover with LWAPP layer 3 and routing

My deployment scenario is as follows:

- 3 WLC in the same Mobility Group. The WLC are in different cities, but have an IP layer 3 connection between them with routing. So each of the WLC is in a different subnet, but they can communicate with each other via routing.

- 55 AP with LWAPP layer 3. 20 of them connected with WLC1 in city A, 20 connected with WLC2 in city B, and 15 of them connected with WLC3 in city C.

The failover scenario needs that, i.e., if WLC1 goes down, all AP configured to use WLC1 as primary connect to the secondary instead. I'm using fixed IP in the AP, and using the 'prime' approximation to initially configure the AP.

My questions are:

- can I just configure Primary, Secondary and Tertiary with the IP of each WLC for failover, considering that these IP are from different subnets?

- In the failover scenario, if primary WLC is down, will AP find secondary or tertiary?

- Do I need to configure static routes in the router/firewall? Which ports do I have to open in the firewalls?

Thanks in advance,

Kind regards,


New Member

Re: Failover with LWAPP layer 3 and routing

1. Yes, you can configure primary, secondary, tertiary WLCs for each AP. However, you will NOT use the IP address but the system/SNMP assigned name of the WLC.

2. In the event of a failure the AP will move to its next preferred WLC within its list.

3. As far as ports on the firewall:

- LWAPP Data: UDP 12222
- LWAPP Control: UDP 12223
- Mobility groups (unencr): UDP 16666
- Mobility groups (crypto): UDP 16664

If you intended to configure guest networking you will also need to open:

- EOIP Tunnel: IP Protocol 97


Re: Failover with LWAPP layer 3 and routing

Agree with Magrass.

You should also check the status of the "AP-Fallback" option under the 'Controller' tab.

When enabled, APs will return to their main WLC when it returns to service; when disabled, they will stay with their failed-to WLC until you move them back manually.

Also, make sure you use the same software on each WLC, otherwise your APs will all need to download new software when they move over. A controller can upgrade 4 APs in 3 mins, so if the CityA WLC failed, it would take 15 mins before the last 4 APs came back online.
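
An added example, not part of the original thread: a small audit that checks whether a firewall policy lets every AP subnet reach every controller on the LWAPP ports listed in the first reply, which is what cross-site failover depends on. The subnets, controller addresses and rule list are constructed placeholders, and the policy is modelled as a simple permit list (no rule ordering or deny entries).

```python
import ipaddress

# LWAPP ports as listed in the first reply of this thread.
LWAPP_PORTS = {"LWAPP data": 12222, "LWAPP control": 12223}

# Constructed sample topology (placeholder addresses, not from the thread).
AP_SUBNETS = {"cityA": "10.1.10.0/24", "cityB": "10.2.10.0/24", "cityC": "10.3.10.0/24"}
WLCS = {"WLC1": "10.1.1.5", "WLC2": "10.2.1.5", "WLC3": "10.3.1.5"}

# Constructed sample policy: (source network, destination network, UDP port).
ALLOWED = [
    ("10.1.10.0/24", "10.1.1.5/32", 12222),
    ("10.1.10.0/24", "10.1.1.5/32", 12223),
    ("10.1.10.0/24", "10.2.1.5/32", 12223),  # control only, data port forgotten
    ("10.2.10.0/24", "10.0.0.0/8", 12222),   # broad rule that covers all three WLCs
    ("10.2.10.0/24", "10.0.0.0/8", 12223),
]


def is_permitted(src_net, dst_ip, port, rules):
    """True if one rule covers the whole AP subnet, the WLC address and the port."""
    for rule_src, rule_dst, rule_port in rules:
        if (port == rule_port
                and src_net.subnet_of(ipaddress.ip_network(rule_src))
                and dst_ip in ipaddress.ip_network(rule_dst)):
            return True
    return False


def missing_failover_flows(ap_subnets, wlcs, rules, ports=LWAPP_PORTS):
    """List (site, wlc, label, port) for every AP-to-WLC flow the policy blocks."""
    missing = []
    for site, net in ap_subnets.items():
        src = ipaddress.ip_network(net)
        for wlc, ip in wlcs.items():
            dst = ipaddress.ip_address(ip)
            for label, port in ports.items():
                if not is_permitted(src, dst, port, rules):
                    missing.append((site, wlc, label, port))
    return missing


if __name__ == "__main__":
    for site, wlc, label, port in missing_failover_flows(AP_SUBNETS, WLCS, ALLOWED):
        print(f"{site} APs -> {wlc}: UDP {port} ({label}) not permitted")
```
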