Cisco Support Community

New Member

WLC Mobility groups and fail-over


I would like some clarification on the Mobility groups behaviors. We have 2 WLC 4402 (wlc-a and wlc-b) set up on the same DMZ and 30 APs connecting to the first one (wlc-a). We have set up the same mobility groups on both WLCs. AP failover between the WLCs works fine: if wlc-a disappears, all APs go to wlc-b. But the connected clients suffer from this transition (using webauth, DHCP is provided by the WLC). We tried a couple of configuration options but are still facing the same issues at the end.

1- we tried to configure 2 different DHCP pools for the users. When wlc-a fails, the APs move to wlc-b (good), but the client needs to negotiate a new IP and therefore loses any existing connections.

2- we tried to configure the same DHCP pool on both WLCs. Obviously this is not a good idea, as you end up allocating the same IPs to different clients.

3- we tried to configure the same DHCP on both WLCs and created an anchor to wlc-a. This works fine if wlc-b fails: the transition is seamless for the clients. But not if wlc-a fails: wlc-b "refuses" to give an IP to the users.

I'm a bit puzzled by the problem and can't find what I'm missing. I was thinking that the two wlc would be able to provide (near) transparent failover for the clients (at least they should not have to get a new IP and reauthenticate).

New Member

Re: WLC Mobility groups and fail-over

I think option 2 is your best bet, but use an external DHCP server. That way your DHCP is independent of the controllers.


Re: WLC Mobility groups and fail-over

Yep. External DHCP is the way to go here. Make addressing completely independent of the controller infrastructure.

Take a look at if you're worried about your DHCP server being a single point of failure on your network. They make a very nice clusterable network services appliance.

New Member

Re: WLC Mobility groups and fail-over

Also, the controller allows for a primary and backup DHCP server address, so that works nicely with a clustered DHCP service.

Hall of Fame Super Silver

Re: WLC Mobility groups and fail-over

If you fail over wlc-a so that the APs move to wlc-b, you will have webauth clients lose their connection and thus need to log in again. This is not transparent when a failover occurs. I have tried it a bunch of times to see if I can get this to work and no go. The same goes if you have guest anchor controllers in the DMZ and one of the guest anchors fails. Users will have to log in again or click accept if you are using passthrough.

DHCP depends on whether your users are placed in the DMZ... you don't want to open the FW. Usually, if you have a DMZ anchor controller, then using the WLC for DHCP is fine. Or you can place a DHCP server on the DMZ.

*** Please rate helpful posts ***