WLC Mobility groups and fail-over

s.barbereau
Level 1

Hello,

I would like some clarification on the Mobility groups behavior. We have 2 WLC 4402 (wlc-a and wlc-b) set up on the same DMZ and 30 APs connecting to the first one (wlc-a). We have set up the same mobility groups on both WLCs. AP failover between the WLCs works fine: if wlc-a disappears all APs go to wlc-b. But the connected clients suffer from this transition (using webauth, DHCP is provided by the WLC). We tried a couple of configuration options but are still facing the same issues at the end.

1- we tried to configure 2 different DHCP pools for the users. When wlc-a fails, APs move to wlc-b (good), but the client needs to negotiate a new IP and therefore loses any existing connections.

2- we tried to configure the same DHCP pool on both WLCs. Obviously this is not a good idea as you end up allocating the same IPs to different clients.

3- we tried to configure the same DHCP on both WLCs and created an anchor to wlc-a. This works fine if wlc-b fails, the transition is seamless for the clients. But not if wlc-a fails, wlc-b "refuses" to give an IP to the users.

I'm a bit puzzled by the problem and can't find what I'm missing. I was thinking that the two wlc would be able to provide (near) transparent failover for the clients (at least they should not have to get a new IP and reauthenticate).

4 Replies

dziminski
Level 1

I think option 2 is your best bet, but use an external DHCP server. That way your DHCP is independent of the controllers.

Yep. External DHCP is the way to go here. Make addressing completely independent of the controller infrastructure.

Take a look at www.infoblox.com if you're worried about your DHCP server being a single point of failure on your network. They make a very nice clusterable network services appliance.

Also, the controller allows for a primary and backup DHCP server address, so that works nicely with a clustered DHCP service.

Scott Fella
Hall of Fame

If you fail over wlc-a so that the APs move to wlc-b, you will have webauth clients lose their connection and thus will need to log in again. This is not transparent when a failover occurs. I have tried it a bunch of times to see if I can get this to work and no go. This goes the same if you have guest anchor controllers in the DMZ and one of the guest anchors fails. Users will have to log in again or click accept if you are using passthrough.

DHCP depends on whether your users are placed in the DMZ... you don't want to open the FW. Usually, if you have a DMZ anchor controller, then using the WLC for DHCP is fine. Or you can place a DHCP server on the DMZ.

-Scott
*** Please rate helpful posts ***