Cisco :: 5508 - Failover For Multiple WLCs And Mobility Groups
Feb 14, 2013
We are in a warehouse type setting and have data centers on each side of warehouse with 5508 WLC's in each data center. Each side is on its own subnet with routing in between and a different set of SSID's for each set of WLC’s. Are goal is to have the ability to failover in the event that if one data center goes down AP’s will move to the controllers in the other DC and the clients will still be able to operate.
Our thought was to implement mobility groups between the controllers. While I saw documentation on setting this up when the controllers are on the same vlan, I didnt see any setup config when controllers are in different vlans. So I am wondering if mobility groups are even an option for what we want to accomplish. For the most part clients stay on their respected sides of the warehouse and so we are not necessarily needing roaming for clients between controllers in DC1 and DC2. But that does raise another question in that we do have a planned voice wlan that we would like to have the ability to roam between each side of the warehouse. But we have seen ip issues with this. In the past we have had both SSID's setup on each side and ran to issues with clients not renewing their IP address when moving to the controllers on the different subnets.
Can we setup mobility groups between controllers on different vlans/subnets? For failover purposes will mobility groups assist in our setup with 2 DC’s and different subnets/vlans? If the answer is yes we can setup mobility groups between different subnets, is there a way to setup the SSID's on all controllers and have the ability for clients to roam and renew their IP’s when moving to a different controller on a different subnet?
View 3 Replies
ADVERTISEMENT
Sep 1, 2012
1) Is it possible for 2 WLCs installed in seperate data centres with L3 seperation to be joined in a mobility group? We will have aps in the branch offices split between controllers so we want to make sure roaming work ok. Also all guest access should be anchored to data centre 2.
2) in flexconnect local switching mode, do I need to create flexconnect groups if I'm only using radius servers in the data centre with no requirement to use local radius as a backup?
View 6 Replies
View Related
Aug 26, 2012
Is it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
5508 controller
7.2.110.0 code
6 buildings
6 interface groups
1 ssid
View 4 Replies
View Related
May 6, 2012
How do Mobility Groups work with internal DHCP scopes on a WLC 5508?We have a WLC 5508 with two internal DHCP scopes which redirect to captive portals for authentication. I am looking at putting in a second WLC in a mobility group setup to provide some WLC redundancy. The LWAPs will be setup so that every second AP is on the has the second WLC as its primary controller. If the primary WLC fails we want the secondary to be able to take over and issue IP's from the internal scope. How do you set this up with a Mobility group so the second WLC does not act as a rouge DHCP server while the primary WLC is still active?
View 6 Replies
View Related
Jul 7, 2011
I have 2 5508 controllers in a mobility group. Any good way to keep the configuration between the 2 controllers synched up?
I thought about copying the config from my primary controller to the secondary controller, but I would think there is a more elegant way to make this happen.
View 5 Replies
View Related
Apr 7, 2013
I have a 4400 and a 5508 WLC in the same location We want to be able to roam between ap joined to both the 4400 and the 5508 using only one ssid
Do I only need to create a mobility group and add both WLC then create only one WLAN on one of the controllers and it will be shared across bot WLC.
View 5 Replies
View Related
Mar 17, 2013
have concern regarding the faiolver of 2 WLCs.
1. One Active_WLC(2504) have a full licence of 15 Access points.
2. 2nd Seconday_WLCs(2504) have a normal licenece (Without any AP licenece-Zero AP Count License).
Now my questions are:
1. If first WLCs goes down due to any kind of problem then can secondary WLCs comes up and takover of all APs.
2. if Yes, then How may days or hours...These APs will connect to the WLC.
3.If first WLCs comes up after some days, then can this WLC automaticall tak over the situation??
View 4 Replies
View Related
Sep 10, 2012
Can I configure a mobility groups between 2106 Wireless LAN Controller and 5500 Wireless LAN Controllers?
View 8 Replies
View Related
Dec 1, 2011
Do you know if the new 2500 series controller supports things like mobility groups? Could I use 2 of these and do inter-controller roaming. Also do you know if this would work with a 2106 controller and a 2505 controller or are they 2 completely independent controllers only knowing about their own APs??
View 12 Replies
View Related
Mar 24, 2012
What consequences could i have if i install a WiSM-2 module into a pair of 6500 configured in VSS and another WiSM-2 module into other pair of 6500 configured in VSS for serving a 300 APs??...in this case, do i need to configure mobility groups for guarantee a high availability and also redundancy of controllers?Under the best practices, is much better having the two WiSM-2 modules into a single pair of 6500 configured in VSS??
View 4 Replies
View Related
Jan 25, 2012
I would like to discuss another method of a bulk controller upgrade and see what other engineers take on this upgrade path would be.Say I have an instance of 84404s with 50 APs each, In this case I have N+1 redundancy where I can follow the normal procedure.Normal Procedure.Move all APs to controllers 1-4Preload all APs with the new code versionUpgrade and reboot empty controllers 5-8 to new code versionMove all APs to 5-8 with new code versoinUpgrade empty 1-4Move all APs back home.Now take the same scenario only chage it to 80 APs per controller. I've now lost my N+1 and cannot do it quite as smoothly. As opposed to trying to follow the normal proceedure and have an extended window of "brown outs" How about doing it all at once.Black-out accelerated proceedure:Preload new code on all controllersPreload new image on all APs on all controllersReboot all 8 controllers at the same time.Allow time for APs to connect back and load the new image.I assume with this proceedure that I might see around 15-30 minutes of actual downtime to the site but it seems like that could be preferable to two-three hours of brown outs.
View 6 Replies
View Related
Oct 18, 2012
We are currently running WCS but have built a new Prime Infrastructure 1.3 system from scratch on a brand new server, we have sucessfully migrated the old WCS database on to the new Prime server and as a test I have pointed 1 anchor controller to it. Possible to point the WLC's to both WCS and Prime Infrastructure concurrently - I was thinking that it would be a quick fallback if we has any problems with Prime (I know there have been some!) We are not running MSE but we do have mobility groups, the WLC's are 5508 running 7.0.235.3 .
View 0 Replies
View Related
May 2, 2011
I have three 5508 WLCs, running code 7.0.98.0 supporting 100+ LWAPs in H-REAP mode. The LWAPs are servicing 2-3 WLANs each. Some are using central authentication and local switching, some are configured for central authentication and central switching. When the LWAPs fail from one WLC to another WLC, the LWAP's lose all of their VLAN mappings and pick up the VLAN of the management interface on the new WLC.
All WLANs are configured to use the management interface on the WLC and the VLAN mappings are configured per LWAP on the H-REAP properties tab. The WLAN ID numbers and all the WLAN settings are the same across all 3 WLC's. I have created AP groups on all 3 WLC's and the AP group config matches across the 3 WLCs.
I can get the LWAPs to keep their VLAN mapping by creating an interface on the WLC with the VLAN ID of the locally switched/remote site VLAN and then setting the interface for the WLAN to the new interface. However, then the WLAN doesn't work, because the centrally located WLC doesn't have the remote site VLAN. It also seems to keep the VLAN mapping if I create the locally switched/remote site VLAN interface on the WLC , and point the WLAN to the management interface. This shouldn't be a necessary step though... In H-REAP with local switching, the LWAPs aren't using the interface on the WLC.
I found a note in the 7.0 WLC config guide that explains why the VLANs are picking up the management interface VLAN, but that same note says the VLAN mappings can be changed per LWAP/WLAN!
From config guide: For hybrid-REAP access points, the interface mapping at the controller for WLANs that is configured for H-REAP Local Switching is inherited at the access point as the default VLAN tagging. This mapping can be easily changed per SSID, per hybrid-REAP access point
Using H-REAP and been able to get the LWAPs to keep the VLAN mapping when failing from one WLC to another?
View 9 Replies
View Related
Nov 30, 2011
I recently add a second CT5508 to the network, but when I tried to add the first 5508 to the mobilty group I received a message like this:
"error in creating member"
I've tried different mobility names, via GUI, via CLI and always the same error.
I've verified twice or more than twice connectivity issues or any error on the entering the MAC and IP of the controllers, everything is fine.
I'm using version 7.0.116.0
View 4 Replies
View Related
Nov 27, 2011
I have two 5508, no anchor, only one SSID with internal web authentication using radius server.Under "Configuring Mobility Groups", Cisco guide says: "If a client roams in web authentication state, the client is considered as a new client on another controller instead of considering it as a mobile client".
I understand that if a client that has already autheticated via web roams between two LAPs that are associated with different WLCs, it has to reathenticate.
View 6 Replies
View Related
Aug 15, 2012
I have to WLC's a 4402 and 5508 in a mobilty group. they are both running 7.0.116.0. They are configured to use Web Authentication. We are having complaints that Users are having to re-authenticate when moving around the office. My theory is they are moving from one WLC to the other and then requiring to re-authenticate.
View 5 Replies
View Related
Feb 1, 2012
I am setting up officeexten. I have placed the officeextend wlc in the dmz with an mgmt ip of 192.168.10.2. in the process of anchoring this to the internal wlc. Also the ip on the firewall for this interface is 192.168.10.1
1. does the mobility group need to match the same on the internal wlc ?
2. Now do i need a NAT transnational on the firewall for the external WAN ip (AP primed address say 66.10.10.10) to NAT back to 192.168.10.2 ?
3. The 5508 WLC is running on ver6.0.199.4 (license level base) - will this support office extend?
View 14 Replies
View Related
Aug 7, 2012
After upgrading my 5508s to 7.2.110.0, they are reporting mobility data path errors to one of my WiSMs running 7.0.235.0.
I get these messages on the 5508s reporting that it can't send a ping to the affected WiSM:
*ethoipSocketTask: Aug 08 21:15:41.175: %ETHOIP-3-PKT_RECV_ERROR: ethoip.c:341 ethoipSocketTask: ethoipRecvPkt returned error
*ethoipSocketTask: Aug 08 21:15:41.175: %ETHOIP-3-PING_RESPONSE_TX_FAILED: ethoip_ping.c:312 Failed to tx a ping response to <ip address>, rc=5
But maybe there is another clue because I also see in the same log these errors referencing the same WiSM:
*bcastReceiveTask: Aug 08 21:15:45.310: %LOG-1-Q_IND: mm_dir.c:1969 Failed to recreate the SSH Rule for <ip address>.
*mmSSHPeerRegister: Aug 08 21:15:44.829: %MM-1-SSHRULE_CREATE_FAILED: mm_dir.c:1969 Failed to recreate the SSH Rule for <ip address>.
Why is the controller trying to SSH to another controller? Was some SSH related feature added to 7.2 that has been accidentally enabled?
View 4 Replies
View Related
Jan 23, 2012
for some reason our wlan-controllers were build up to be standalone instead of beeing one mobility-group. I would like to change this in order to use all features of HA.
let me describe our scenario: two WLCs 5508 running SW ver. 6
- same subnet
- both are running in master controller mode
- different hostnames, ip-addresses, etc
- all settings for WLANs and AP-groups (exept the APs themselves in these groups) are the same
- in total at this moment we are running around 100 LAPs configured one half on WLC#1, the other half on WLC#2
I don't know exactly why, but when that setting was installed, someone already configuredHA for each accesspoint... e.g.:
- AP#1 primary WLC#1, secondary WLC#2
- AP#2 primary WLC#2, secondary WLC#1 but without WLC#2 knowing the configuration for AP#1 it makes no sense, correct?
so my question is: how should I do the migration in the best way?
is it easy as:
- disabling master controller mode on WLC#2
- configuring both WLCs into one mobility group
--> WLCs are negotiating their configurations for the APs
View 5 Replies
View Related
Feb 4, 2013
I have Cisco Wireless Lan Controller 5508 with 35 (3600 Series Access Points. Do i need to purchase Mobility Service Engine for this or no need? Do i need WCS server for this or no need?
View 1 Replies
View Related
Oct 24, 2011
As we all know, MS has changed the default workgroup names in different versions of windows. Additionally, you can rename your workgroup anything you like. I have XP, Vista, and Win7 computers, a television, BluRay player, a Wii, two printers, and a NAS with two USB drives attached. All of these -except the Win7- are wired to one of two switches. I have wireless: iPad, the Win7 notebook, Nintendo DSs. I have friend, and non-friend machines (computers, tablets, and phones) that come and go that are wired or wireless. The 3 windows computers all have the same workgroup name. All of my other units do not use workgroup names. I have a router, and two unmanaged switches, and have, on occasion, a second router. The main router, which has wired, and dual band wireless (each with two named wireless networks) nets, sees everything, by name and/or MAC address. Win7 is blind, deaf, and dumb.: it shows its own workgroup name, but no other workgroup name(s) , and, consequently, no unit on these other workgroups. It will show some wired units not in a workgroups - the television, and the printers (not the Wii or NAS). It will not show the wired XP computer! No wireless units either in workgroups or not in workgroups appear. Additionally, Win7 only shows units on its wireless network, not on the other three. The wired units it does show are not on any of the wireless networks, though it lists them on its wireless network.I have left the Homegroup, and terminated the Homegroup services. I have allowed discovery, and unlimited sharing of everything on every computer on the router, and yet the Win7 unit does not share or see well at all.Why?
View 2 Replies
View Related
Jan 24, 2011
I have 2 routers ( Cisco 3845's) both running identical IOS's. Each router has identical 5 networks on it with one network each being different.I have HSRP set up on the identical 5 networks.Your standard Fail over senario.ON one of the routers one network is not seeing the other router in the same network, Will not Ping or traceroute.And HSRP stopped working ( both were thinking they were active. which of course brought the network to a halt. Non of the interfaces has any ACL on them, They are plugged into a Brand new Cisco 3560v2 switch. I have switches out the cables to eliminate that as an issues.
View 1 Replies
View Related
Oct 4, 2011
I currently have a content group as follows;
content My_Group
add service blade1
add service blade2
add service blade3
vip address 1.2.3.4
advanced-balance arrowpoint-cookie
[code]...
So I have 3 blades which are proxy servers and user go first to an MS ISA server then the VIP of the CSS and then the rules processes them give them a blade and chuck them out onto the Internet.
I want to leave the above rule, but remove one blade create an additional content group with that blade and have it process requests for a particular site so, I would create the following
content My_Group2
add service blade3
vip address 1.2.3.4
advanced-balance arrowpoint-cookie
[code]...
So my question is can I do that having the same VIP's etc so if a request comes in and it matches www.thewebsite.com that the second content rule matches it 'better' and therefore processes it or would it still be caught by the "/*" content group. I don't want to create more VIPS as I have a real ache getting firewall rules done.
View 9 Replies
View Related
Jan 14, 2013
I have multiple campuses and a Central Admin...I've created Groups for all, except I need a few devices within Central to be available to the Campus Admins... (ie..a Cisco WCS System) How do I allow a device to be put into multiple NDG groups?
View 1 Replies
View Related
Nov 20, 2011
I have a new deployment of 44 3502i AP's in 3 buildings at one of my campus'.The 5508 wlc is running latest 7.0.116.0 code.I have some users who take their work with them as they go from location to location on this campus.They need to be able to smoothly switch from AP to AP without having to reauthenticate each time the next AP takes over in the handoff.On the ssid in question we run 802.1x back to 1 auth server; there is no failover auth server.All APs are in one AP Group.My thought is to add all 44 of the APs to one HREAP Group.
View 4 Replies
View Related
Mar 15, 2011
Did any know that how many AP Groups can be created by one Controller? (5508) May I have 100 AP Groups?
View 3 Replies
View Related
May 3, 2012
web authenticate users within a specific Active Directory Security Group. I tried to authenticate over Radius with Cisco Secure ACS and Network Access Restrictions. But NAR only works with Layer 2 authentication. And Web Authentication over LDAP can only be used with User Objects.
View 5 Replies
View Related
Feb 24, 2013
i have a question about multiple TACACS Groups. I want to archive the following:
A Cisco 888 is managed by me and a Provider Support Team. Since we both want to access our own TACACS Server, i want to create two TACACS Groups. Is it possible to me, to bind a Tacacs Group to one Interface, and the second TACACS Group to another ? Means that our stuff is connecting to the LAN Interface FastEthernet0 that is applied to the SVI in V LAN 1.
The service technicians from the Provider are connecting to the external Interface or through a possible Lo. (another IP). I do not want to mix our 2 TACACS+ Server and theirs together in one Group. So have anybody tried this before ?
View 8 Replies
View Related
Feb 29, 2012
Im configuring a WLC 5508 ( version 7 ) with h-reap local switching.All is working , yet i wonder if the vlan mapping can be done better.Currently i need to go into each Lightweight Access point , enable h-reap, then set the native vlan , with the final step to map the vlan. This needs to be done for each AP. In an environment of 100's of APs i would take forever. ( i thought one of the main points of the WLC is centralized management).
View 1 Replies
View Related
Feb 15, 2011
We have multiple RA VPN groups on a 3845 router.RADIUS authentication is currently happening between the 3845 and a single Windows 2008 server. We have a specific windows group that AD users are members of, and they are allowed to connect via VPN.
I'm creating a new RA VPN Group, which should only allow different AD users. Is it possible to create another RADIUS association to the same server, or do I need to authenticate against a different Windows server?
View 1 Replies
View Related
May 13, 2013
I am trying to build a new network from scratch, I have the WLC 5508 w/ Aironet 3600e APs connected to my Netgear Smart Switches and a Linksys RV082 router that I'm using as my DHCP server with several VLANs for several stuff on my Switches.
I have 2 questions:
1. Can I have 5 Interfaces configured on 5 different VLANs, each SSID on each a different Port:
Port 1: Controller management only=> 192.168.x.x /24
Port 2: SSID 1: WiFi Internal=> 172.16.x.x/12 (Radius Auth with no sharing)
Port 3: SSID 2: WiFi Internal w/ sharing=> 192.168.x.x/24 (Radius Auth with sharing)
Port 4 :SSID 3: WiFi Guest=> 10.0.x.x/8 (Web Auth)
Port 5: SSID 4: WiFi IT=> 192.168.x.x/24 ( Radius or certificate Auth with access to the controller management interface)
2. How can I use the Controller as the DHCP server for all the WiFi traffic, and how should that be configured to work with my other DHCP server?
View 3 Replies
View Related
May 4, 2011
I'm working with a 1113 ACS device running the 4.2.0.124 software. I'm trying to get multiple network device groups to use an existing Remote Agent set up for authentication against our Windows domain. For instance, we want our infrastructure switches to authenticate agains the local Active Directory and our WLC to authenticate users agains the same Active Directory. When I try and set both network device groups to use the same remote agent, it fails and reports either the host name is already in use or the IP address overlaps with an existing remote agent.
The question is:
Can I have multiple network device groups use the same remote agent? Or do I have to install the remote agent software on separate Windows servers in order to have different types of devices authenticate against the Windows AD?
View 1 Replies
View Related
Dec 12, 2011
I created some User Defined Groups in LMS 4.1, now I want to apply certain fault notification groups to Event Sets.
Unfortunately the Groups I configured are not in the Group Selector of the Fault Notification Group: Admin > Network > Notification and Action Settings > Fault Notification Group
View 3 Replies
View Related
