This afternoon in the office my friend told me that he was successful in doing AP to AP failover… I thought, “Wow….that’s great, we could not do controller to controller failover, but at least we can do AP to AP failover; it’s still high availability and we could propose an alternative to the customer.”
As I studied Cisco wireless further I thought, “oh…this is normal.” Why? That’s because this is the roaming feature. Basically the two APs are close to each other and, thanks to dynamic channel assignment (DCA), the channel will change automatically if channel overlapping occurs.
DCA is part of the self-healing feature that Cisco wireless is selling. It sits under the RRM option, which stands for Radio Resource Management. When there is a channel overlap, DCA makes the radio itself change channel dynamically.
Back to my discovery: since the two APs are so close to each other, there will be RF coverage. So if one AP is down, my wireless client will see minimal impact because another AP is broadcasting the same SSID. As long as I set my wireless client to join the SSID automatically, the impact will be minimal.
Here’s the impact when one of the APs has a total failure while the other AP is still alive. I had a downtime of about 5 seconds:
About Roaming
If my client is still transmitting wirelessly while I move from one AP to another, this is roaming.
Conditions for roaming to occur
1. Controllers must exist within the same mobility domain.
2. Controllers need to have the same code version.
3. Controllers need to use the same LWAPP mode.
4. If ACL is configured, controllers need to have identical ACL.
5. Must be in the same SSID (WLAN)
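The five conditions above can be checked as a configuration-drift audit across controllers. This is an added example, not part of the original post; the inventory, its field names, the ACL rule strings, the `corp` SSID and `wlc-3` are constructed for illustration and are not a WLC export format.

```python
from itertools import combinations

# Constructed inventory; field names are hypothetical, not a WLC export format.
CONTROLLERS = [
    {"name": "wlc-1", "domain": "campus", "version": "5.2.193.0",
     "lwapp_mode": "Layer 3", "ssids": {"corp"},
     "acls": {"guest": ["deny ip any 192.168.10.0/24", "permit ip any any"]}},
    {"name": "wlc-2", "domain": "campus", "version": "5.2.193.0",
     "lwapp_mode": "Layer 3", "ssids": {"corp"},
     "acls": {"guest": ["permit ip any any"]}},
    {"name": "wlc-3", "domain": "campus", "version": "4.2.0.0",
     "lwapp_mode": "Layer 2", "ssids": {"lab"}, "acls": {}},
]

def roaming_blockers(a, b, ssid):
    """Return the listed conditions that controllers a and b fail for ssid."""
    problems = []
    for key, label in (("domain", "mobility domain"),
                       ("version", "code version"),
                       ("lwapp_mode", "LWAPP mode")):
        if a[key] != b[key]:
            problems.append(f"{label}: {a[key]} vs {b[key]}")
    # ACLs only matter when at least one side has them configured.
    if a["acls"] or b["acls"]:
        differing = sorted(n for n in a["acls"].keys() | b["acls"].keys()
                           if a["acls"].get(n) != b["acls"].get(n))
        if differing:
            problems.append("ACL mismatch: " + ", ".join(differing))
    missing = [c["name"] for c in (a, b) if ssid not in c["ssids"]]
    if missing:
        problems.append(f"SSID {ssid} not on: " + ", ".join(missing))
    return problems

def audit(controllers, ssid):
    """Check every controller pair; return {(name_a, name_b): [problems]}."""
    report = {}
    for a, b in combinations(controllers, 2):
        problems = roaming_blockers(a, b, ssid)
        if problems:
            report[(a["name"], b["name"])] = problems
    return report

if __name__ == "__main__":
    for pair, problems in audit(CONTROLLERS, "corp").items():
        print(pair, problems)
```
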
Types of roaming
Layer 2 Roaming: Moving from one AP to another AP while staying in the same SSID and in the same subnet.
Layer 3 Roaming: Moving from one AP in one subnet to another AP in another subnet while still retaining the SSID and, of course, still retaining the IP subnet. Cool right? lol… How could this be done?
Tunneling
Asymmetric: The client sends traffic to the destination regardless of the source address. The return traffic is sent to the mobility anchor, and the mobility anchor tunnels it back to the client.
Symmetric: The client's traffic to the destination goes to the foreign controller (the anchored controller is the controller that the client originally belonged to). The foreign controller tunnels it to the mobility anchored controller, and the anchored controller sends the traffic to the destination. The return traffic goes back to the anchored controller, the anchored controller tunnels it to the foreign controller, and the foreign controller sends the data back to the client.
The WLC which I am using has symmetric tunnel enabled; I did not even have the option to turn it off. lol
You can check this under Controller tab > mobility management > mobility anchor config
Controller failover
The controller is the heart of the lightweight APs; without it, none of the APs will be able to associate themselves with the wired Ethernet. Hence controller high availability should be implemented to minimize the service impact.
Three strategies for designing controller failover:
N + 1, where N is the controller. This design provides a spare controller that is ready to take over all of the primary controller’s APs in case of failure.
N + N, where the two controllers may have different AP licenses or the same. The problem with this design: if one controller has a 25-AP license and has exhausted it, while the other controller with an identical license is serving 12 APs, then during failover the secondary controller can accept at most 13 of the failed controller’s APs, while the remaining 12 APs cannot associate themselves with any controller.
N + N + 1, which provides an extra controller that can support both of the Ns.
Controller failover in 3 easy steps
1. Go to the Controller tab, click on mobility management > mobility groups, then click on the New button. You need to add the IP address of the secondary controller and/or the tertiary controller as well as their MAC addresses.
2. Go to the Controller tab, choose General and ensure that AP Fallback is enabled.
3. Go to Wireless, click on your APs, and select the High availability tab as shown. You will want your primary controller to be listed here as well, so that your AP rejoins the primary after the primary controller recovers. You need to specify the name of the controller and the management IP address. The new version 5.2 has AP failover priority.
You can change the controller name in the General option under the Controller tab. Or you can use the command line:
(Cisco Controller) >config sysname wlc-1
Do not confuse system name with hostname.
System Information
Manufacturer’s Name………………………… Cisco Systems Inc.
Product Name………………………………. Cisco Controller
Product Version……………………………. 5.2.193.0
RTOS Version………………………………. 5.2.193.0
Bootloader Version…………………………. 4.0.191.0
Emergency Image Version…………………….. Error
Build Type………………………………… DATA + WPS
System Name……………………………….. wlc-1
System Location…………………………….
System Contact……………………………..
System ObjectID……………………………. 1.3.6.1.4.1.9.1.828
IP Address………………………………… 192.168.10.2
System Up Time…………………………….. 0 days 2 hrs 28 mins 6 secs
Understanding how AP chooses controller
Here are the steps, in order of priority:
1. Will join the primary controller
2. If primary controller does not exist, will look for secondary controller
3. If neither primary nor secondary controller exists will look for tertiary controller
4. If primary, secondary and tertiary controllers all do not exist will look for master controller
5. If master controller does not exist will look for the controller within the network that has the least port utilization.
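The N + N license problem and the primary/secondary/tertiary join order can be worked through together by simulating a controller failure. This is an added example, not part of the original post: it covers only steps 1 to 3 of the list above, assumes an AP skips a controller that is down or out of licenses and tries the next one in its list, and the names `wlc-2`, `wlc-3` and the AP names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class AP:
    name: str
    order: list  # controller names in join order: primary, secondary, tertiary

def fail_over(aps, licenses, failed):
    """Simulate one controller failure.

    aps      -- APs, each currently joined to order[0] (its primary)
    licenses -- {controller name: AP license count}
    failed   -- name of the controller that goes down
    Returns ({ap name: new controller}, [APs left without a controller]).
    """
    load = {c: 0 for c in licenses if c != failed}
    orphans = []
    for ap in aps:
        if ap.order[0] == failed:
            orphans.append(ap)
        else:
            load[ap.order[0]] += 1
    moved, stranded = {}, []
    for ap in orphans:
        # Assumption: a controller that is down or has no free license is
        # skipped and the AP tries the next controller in its list.
        for c in ap.order[1:]:
            if c in load and load[c] < licenses[c]:
                load[c] += 1
                moved[ap.name] = c
                break
        else:
            stranded.append(ap.name)
    return moved, stranded

def build(n_n_plus_1=False):
    """Constructed site using the text's numbers: 25 + 12 APs, 25 licenses each."""
    spare = ["wlc-3"] if n_n_plus_1 else []
    aps = [AP(f"a{i}", ["wlc-1", "wlc-2"] + spare) for i in range(25)]
    aps += [AP(f"b{i}", ["wlc-2", "wlc-1"] + spare) for i in range(12)]
    licenses = {"wlc-1": 25, "wlc-2": 25}
    if n_n_plus_1:
        licenses["wlc-3"] = 25
    return aps, licenses

if __name__ == "__main__":
    for label, spare in (("N + N", False), ("N + N + 1", True)):
        moved, stranded = fail_over(*build(spare), failed="wlc-1")
        print(f"{label}: {len(moved)} APs rejoin, {len(stranded)} stranded")
```

Running the same function with `failed="wlc-2"` shows the failure in the other direction, where the fully licensed controller has no room for any of the 12 orphaned APs.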
Understanding Mobility group and mobility domain
Each mobility group will have one WLC as a member. Multiple WLCs can be added to the mobility group by adding the MAC address and management IP address of each WLC. WLCs within the same group exchange client information, which makes it possible for mobile users to send and receive data while walking from one AP to another AP; this is known as roaming.
If 2 WLCs are in the same mobility group and one WLC is in a different mobility group, this relationship is known as a mobility domain. Roaming is still possible as long as the controllers are within the same domain.
To make a mobility domain:
For example, WLC-1 is in mobility group openaccess, while WLC-2 is in another mobility group, openaccess999.
For WLC-1:
Step 1: Go to Controller, then select mobility management > mobility group
Step 2: Include the MAC address, IP address and the mobility group of WLC-2.
For WLC-2 the same steps apply. This will make WLC-1 and WLC-2 know about each other's client status. To add controllers into the same mobility group, apply step 1 but change step 2 to the mobility group in which your current controller resides.