Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
613
Views
0
Helpful
4
Replies

WLC redundancy design

jiayang85
Level 1
Level 1

‎11-03-2010 05:42 AM - edited ‎07-03-2021 07:21 PM

I have the following wireless design but not sure whether the wlc redundancy will work a not.

  • 100 remote sites
  • 25-45 APs per remote site
  • 1 5508 WLC per site
  • 2 5508 WLC at DC
  • each site has a 5Mbps link to DC
  • wireless clients connect using 802.1x
  • RADIUS server located at each site
  • DHCP server located at each site

The 2 WLCs at the DC are supposed to be the backup controllers for the local controllers when they fail. The APs will be configured in local mode and have primary and backup controllers configured. HREAP has been ruled out due to its many limitations.

From here onwards please correct me if i am wrong.

If one of the local controllers fail, all the APs at that remote site will fall back to the backup WLC at the DC. As the DC WLC will not be able to differentiate the locations of the connecting APs, I have to use another IP address range to cater for these APs. Thus the APs will no longer reside in the local WLAN subnet that i originally cater for them.

For the wireless client's IP address, is it possible for me to determine the site that the client resides in based on the 802.1x account? If possible, can i then reroute the DHCP request to the local DHCP server at the site itself. I am hoping this is feasible so that i do not have to open up another IP address range at the DC side to cater specially for these wireless clients.

For data traffic travelling from the wireless clients to the local site servers, how does the data travel? My understanding is that the data will travel from the wireless client to the DC WLC via a LWAPP tunnel. So on the DC WLC, the  traffic will be forwarded to the core switch and then to the router. the router will then route the data back to the remote site, provided the routing table is populated properly.

Each remote site has a link to the internet but the DC does not. so i wonder how will the wireless internet traffic be routed when the local controller fails? when the internet traffic reaches the DC router, how will it know which remote site to forward it back to?

All advice and suggestions are welcome.

Labels:
0 Helpful
4 Replies 4

Jeffrey Keown
Cisco Employee
Cisco Employee

‎11-03-2010 01:31 PM

Hi Jiayang,

The key concept to keep in mind is that when your ap's are in local mode, the controller is the ip point of presence to the wired network for the wireless clients.

I'm not sure if I have a solution for you, but visualize the remote site failed controller scenario.  Think about the life of a packet from one of the remote site wireless clients.  The wireless client sends a packet, the ap encapsulates it and sends it to the controller.  Based on whatever interface/vlan the ssid is mapped to, the controller at the central site will tag it and put it on the wire.

It sounds like you already understand that concept, but I figured I'd phrase a response like this to give you food for thought.

Even if you configure the central site's interfaces to point to remote dhcp servers, the traffic still has to flow as mentioned above.

hth

jeff

0 Helpful

jiayang85
Level 1
Level 1
In response to Jeffrey Keown

‎11-03-2010 03:56 PM

Hi Jeff,

thanks for the answer.

as you have said, i believe the key factor is that there has to be a route from the DC wired network back to the remote site.

but now i wonder how will the internet traffic be routed? in the case of the local controller still working, i simply have a default gateway that points to the ISP router for internet bound traffic. when the local controller fails, i do not think the DC wired network will know how to route the internet bound packets as there is no internet connection at the DC.it would of course be ideal if i can route the data back to the remote site it came from so that it can exit out from the remote site's internet connection. but i am not sure whether is this possible?

0 Helpful

Jeffrey Keown
Cisco Employee
Cisco Employee
In response to jiayang85

‎11-04-2010 01:30 PM

Hi Jiayang,

I'm not sure if there's a good way to do this as you've described.

Which H-reap limitations are you trying to avoid?

If you could use H-reap, it would make things much simpler

0 Helpful

jiayang85
Level 1
Level 1
In response to Jeffrey Keown

‎11-04-2010 10:54 PM

here are some of the limitations that are restricting my design:

  • the hreap APs have to be connected to a trunk port. some of my switch ports have to be configured as access ports due to user requirements so that would mean i can't plug in my APs into those ports.
  • H-REAP Groups can only contain 25 APs each and there is no fast roaming between different groups. since some of my sites have more than 25 APs, this limitation will cause my wireless clients to experience connection drops when they roam between different groups.
  • VideoStream (MediaStream / multicast direct) is not supported with H-REAP. this is something that my customer might plan to make use of in the future. so i would rather not shoot myself in the foot by implementing hreap now and changing it in the future.

from what i see, i dont think there is actually a feasible solution that can meet all my requirements. for all the solutions something has to be sacrificed.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card