I had a quick visit to Dubai and went to the City of Gold which is a popular gold market place. You'll see a lineup of gold retail stores and souvenir shops within the area. Not too far away you'll find Dubai Creek and the Dubai Old Souk Station where you can ride an Abra water taxi for just 1 Dirham. The boat ride was an unforgettable experience and you'll see more local shops once you get to the other side of the creek.
Building Redundancy
Building a wireless network with one controller and some APs is straightforward, but it does not address what would happen if the controller fails for some reasons. Adding another controller or two could provide some redundancy, as long as the APs know how to move from one controller to another when the time comes.
Redundancy is best configured in the most deterministic way possible. The following sections explain how you can configure APs with primary, secondary, and tertiary controller fields to implement various forms of redundancy. As you read through the sections, keep in mind that redundant controllers should be configured similarly so that APs can move from one controller to another without having to undergo any major configuration changes.
N+1 Redundancy
The simplest way to introduce HA into a Cisco unified wireless network is to provide an extra backup controller. This is commonly called N+1 or N:1 redundancy, where N represents some number of active controllers and 1 denotes the one backup controller.
By having one backup controller, N+1 redundancy can withstand a failure of only one active controller. As long as the backup controller is sized appropriately, it can accept all of a failed controller's APs. However, once an active controller fails and all its APs rehome to the backup controller, there will be no space to accept any other APs if a second controller fails.
To configure N+1 redundancy, you configure the primary controller field on all APs with the name of an active controller (WLC-A, for example). The secondary controller field is set to the name of the backup controller (WLC-Z).
I've added a Secondary WLC (WLC2) in my wireless lab in order to test out N+1 high availability with the Primary WLC1. WLC1 Management IP address is 192.168.1.4/24 while WLC2 is 192.168.1.5/24.
You can use the show redundancy summary command to verify which WLC is acting as Primary or Secondary.
(Cisco Controller) >show redundancy ?
summary Display Redundancy Facilitator States.
(Cisco Controller) >show redundancy summary
Type of the Unit = Primary // WLC1
(Cisco Controller) >show redundancy summary
Type of the Unit = Secondary // WLC2
To test AP failover to Secondary WLC2, I've shutdown WLC1 (port 1) on SW1 FastEthernet0/13.
SW1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
APf872.eaa6.e203 Fas 0/14 161 T B I AIR-CAP26 Gig 0
WLC1 Fas 0/13 168 H AIR-CT250 Gig 0/0/1
WLC2 Fas 0/16 136 H AIR-CT250 Gig 0/0/1
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface fastethernet0/13
SW1(config-if)#shutdown
AP1 generated failover logs below:
*Apr 12 22:03:50.107: %WIDS-4-SIG_ALARM: Attack is detected on Sig:Standard Id:2 Channel:1 Source MAC:0432.f407.5527
*Apr 12 22:20:37.103: %WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:2 Channel:1
*Apr 12 22:21:54.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.4:5246
*Apr 12 22:21:55.055: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Apr 12 22:21:55.083: %LWAPP-4-CLIENTEVENTLOG: Not sending change state post as the radio admin is down, lrad state = 5
*Apr 12 22:21:55.087: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Apr 12 22:21:55.087: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Apr 12 22:21:55.091: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:21:55.711: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 22:21:56.087: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:21:56.115: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Apr 12 22:21:56.123: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Apr 12 22:21:57.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:21:57.115: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Apr 12 22:21:57.143: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 22:21:57.151: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 22:21:57.159: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 22:21:58.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Apr 12 22:21:58.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:21:58.179: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:21:59.179: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:22:01.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.5 peer_port: 5246
*Apr 12 22:22:01.431: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.5 peer_port: 5246
*Apr 12 22:22:01.431: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.5
*Apr 12 22:22:02.059: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 22:22:02.127: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 22:22:02.935: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:22:03.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:22:03.567: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC2
*Apr 12 22:22:03.687: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Apr 12 22:22:03.807: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Apr 12 22:22:03.935: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Apr 12 22:22:03.935: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*Apr 12 22:22:04.547: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:22:04.715: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 22:22:04.723: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 22:22:04.731: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 22:22:05.715: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Apr 12 22:22:05.723: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:22:05.751: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:22:06.751: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
You can verify if the AP joined WLC2 by going to Wireless > Access points or issue a show ap summary command in CLI.
(Cisco Controller) >show ap summary
Number of APs.................................... 1
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Country IP Address Clients
------------------ ----- -------------------- ----------------- ---------------- ------- --------------- -------
APf872.eaa6.e203 2 AIR-CAP2602I-S-K9 f8:72:ea:a6:e2:03 default location SG 192.168.1.6 0
SW1(config)#interface fastethernet0/13
SW1(config-if)#no shutdown
SW1(config-if)#
*Mar 1 02:15:51.327: %LINK-3-UPDOWN: Interface FastEthernet0/13, changed state to down
*Mar 1 02:15:53.558: %LINK-3-UPDOWN: Interface FastEthernet0/13, changed state to up
*Mar 1 02:15:54.565: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to up
SW1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
APf872.eaa6.e203 Fas 0/14 164 T B I AIR-CAP26 Gig 0
WLC1 Fas 0/13 131 H AIR-CT250 Gig 0/0/1
WLC2 Fas 0/16 160 H AIR-CT250 Gig 0/0/1
AP1 re-joined the Primary WLC1:
*Apr 12 22:22:30.899: %CLEANAIR-6-STATE: Slot 0 disabled
*Apr 12 22:22:30.899: %CLEANAIR-6-STATE: Slot 1 disabled
*Apr 12 22:26:01.859: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.5:5246
*Apr 12 22:26:01.919: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Apr 12 22:26:01.943: %LWAPP-4-CLIENTEVENTLOG: Not sending change state post as the radio admin is down, lrad state = 5
*Apr 12 22:26:01.943: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Apr 12 22:26:01.943: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Apr 12 22:26:01.947: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:26:02.567: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 22:26:02.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:26:02.975: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Apr 12 22:26:02.983: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Apr 12 22:26:03.967: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:26:03.975: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Apr 12 22:26:04.003: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 22:26:04.011: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 22:26:04.019: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 22:26:05.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Apr 12 22:26:05.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:26:05.039: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:26:06.039: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:26:18.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.4 peer_port: 5246
*Apr 12 22:26:18.427: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.4 peer_port: 5246
*Apr 12 22:26:18.427: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.4
*Apr 12 22:26:19.971: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 22:26:19.975: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 22:26:20.643: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC1
*Apr 12 22:26:20.767: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:26:21.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:26:21.023: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*Apr 12 22:26:21.095: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Apr 12 22:26:21.103: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Apr 12 22:26:21.767: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Apr 12 22:26:22.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:26:22.131: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 22:26:22.139: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 22:26:22.147: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 22:26:23.131: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Apr 12 22:26:23.139: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:26:23.167: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:26:24.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:26:41.643: %CLEANAIR-6-STATE: Slot 0 disabled
*Apr 12 22:26:41.643: %CLEANAIR-6-STATE: Slot 1 disabled
Building Redundancy
Building a wireless network with one controller and some APs is straightforward, but it does not address what would happen if the controller fails for some reasons. Adding another controller or two could provide some redundancy, as long as the APs know how to move from one controller to another when the time comes.
Redundancy is best configured in the most deterministic way possible. The following sections explain how you can configure APs with primary, secondary, and tertiary controller fields to implement various forms of redundancy. As you read through the sections, keep in mind that redundant controllers should be configured similarly so that APs can move from one controller to another without having to undergo any major configuration changes.
N+1 Redundancy
The simplest way to introduce HA into a Cisco unified wireless network is to provide an extra backup controller. This is commonly called N+1 or N:1 redundancy, where N represents some number of active controllers and 1 denotes the one backup controller.
By having one backup controller, N+1 redundancy can withstand a failure of only one active controller. As long as the backup controller is sized appropriately, it can accept all of a failed controller's APs. However, once an active controller fails and all its APs rehome to the backup controller, there will be no space to accept any other APs if a second controller fails.
To configure N+1 redundancy, you configure the primary controller field on all APs with the name of an active controller (WLC-A, for example). The secondary controller field is set to the name of the backup controller (WLC-Z).
I've added a Secondary WLC (WLC2) in my wireless lab in order to test out N+1 high availability with the Primary WLC1. WLC1 Management IP address is 192.168.1.4/24 while WLC2 is 192.168.1.5/24.
To configure N+1 Redundancy on the Primary WLC1, go to Wireless > Access Points > Global Configuration > type the
Backup WLC IP Address (192.168.1.5) and Controller Name (WLC2) > click Apply.
Configure an AP associated on WLC1 for High Availability under Wireless > Access Points.
Click a specific AP Name >
go to High Availability tab.
Type the Primary and
Secondary Controller Name (case sensitive) and Management IP Address.
Configure a Mobility Group on both WLC1 and WLC2 by going to
Controller > Mobility Management >
Mobility Groups > New. Take note of the Member IP Address and MAC
Address on each WLC.
On WLC1, type the
Member IP Address (192.168.1.5) and MAC Address (c8:00:84:50:96:c0) of WLC2
> click Apply.
Notice the Status of Control
and Data Path is Down.
On WLC2, type the
Member IP Address (192.168.1.4) and MAC Address (10:f3:11:a5:49:80) of WLC1
> click Apply.
Click Refresh (on
the upper-right hand corner above Home) to view the Status changed to Control
Path Down to Up.
The Mobility Group Status on WLC1 also went Up (click Refresh). Click Save Configuration.
Enable both AP
Fallback and HA SKU secondary unit on WLC2 > click Apply > Save
Configuration.
In WLC2 CLI, type config redundancy unit secondary command.
(Cisco Controller) >config ?
802.11-a49 Configures 802.11a 4.9 subband parameters.
802.11-a58 Configures 802.11a 5.8 subband parameters.
802.11-abgn Configures 802.11-abgn parameters.
802.11a Configures 802.11a parameters.
802.11b Configures 802.11b parameters.
802.11h Configures 802.11h parameters.
aaa Configures AAA related items.
acl Configures Access Control Lists.
advanced Advanced Configuration.
ap Configures Cisco APs
assisted-roaming Configures Assisted Roaming Global Parameters.
auth-list Configures ap authorization list.
auto-configure Single command to auto-configure.
avc Configures AVC (Application Visibility and Control).
band-select Configures Band Select.
boot Configures the default boot image.
ccx-lite Enable or disable CCX-lite feature
cdp Configure Cisco Discovery Protocol
certificate Configures SSL Certificates.
client Configures a client.
coredump Configures the Core Dump Setting
country Configure the countries of operation.
cts Configure Cisco TrustSec SXP Protocol
custom-web Configures the custom web authentication page.
database Configures the local database
dhcp Configures system dhcp server.
exclusionlist Manages exclusion-list.
flexconnect Configure controller flexconnect parameters.
flow Configure flow.
guest-lan Configures the Wireless LAN Network.
icons Configures the ICON details.
interface Configures system interfaces.
ipv6 Configure IPv6 related parameters.
lag Enables/Disables Link Aggregation (LAG)
ldap Configures LDAP servers (ipv4 or ipv6).
license Configure software license parameters.
linktest Configures linktest frame size and number of frames to send.
load-balancing Configures Aggressive Load Balancing.
local-auth Configures Local EAP Authentication.
location Configure Location parameters
logging Configures Logger parameters.
loginsession Manage User Connections to the Switch.
macfilter Configure static MAC filtering.
mdns Configures mDNS Services/Profiles
media-stream Configure Media Stream
memory Configures memory monitoring for certain types of errors/leaks.
mesh Config mesh ap parameters.
mgmtuser Manages local management user accounts.
mobility Configures the Inter-Switch Mobility Manager
msglog Configures the system msglog parameters.
netuser Configures network user policies and local network user accounts.
network Configuration for inband connectivity.
nmheartbeat Configures the network manager heartbeat Setting
nmsp Configure NMSP parameters.
oeap-acl Configures Access Control Lists for OEAP Split Tunnel.
paging enable or disable scrolling the page.
passwd-cleartext Enable or Disable the showing of passwd in cleartext
policy Configure native profiling policy.
port Configures port mode and physical settings.
profiling Enabling Local profiling update
prompt Change the system prompt.
qos Configure qos parameter.
radius Configures RADIUS Servers.
redundancy Configure WLC redundancy parameters
remote-lan Configures Remote LAN Connections.
rf-profile Configures RF Profile parameters.
rfid Configure options for RFID tag tracking
rogue Configures rogue devices.
serial EIA-232 parameters and serial port inactivity timeout.
service Modify network based services.
sessions Configure CLI session parameters.
slot Configures the slot
snmp Configures SNMP.
split-tunnel-network-list Configure split tunnel network lists. Only become active in split tunnel mode 2.
stats-timer Configures system stats timer.
switchconfig Configure parameters that apply to the switch.
sys-nas Configures the system nas id.
syslog Configures the system syslog mode.
sysname Configures the system name.
tacacs Configures TACACS+ Servers.
time Configures system time or servers.
trapflags Enable or Disable trap flags that apply to the switch.
wgb Configure WGB related parameters
wlan Configures the Wireless LAN Network.
wps Configures WPS settings.
(Cisco Controller) >config redundancy ?
unit Configure redundancy unit [primary | secondary]
(Cisco Controller) >config redundancy unit ?
primary Redundancy unit type is primary
secondary Redundancy unit type is secondary
(Cisco Controller) >config redundancy unit secondary
802.11-a49 Configures 802.11a 4.9 subband parameters.
802.11-a58 Configures 802.11a 5.8 subband parameters.
802.11-abgn Configures 802.11-abgn parameters.
802.11a Configures 802.11a parameters.
802.11b Configures 802.11b parameters.
802.11h Configures 802.11h parameters.
aaa Configures AAA related items.
acl Configures Access Control Lists.
advanced Advanced Configuration.
ap Configures Cisco APs
assisted-roaming Configures Assisted Roaming Global Parameters.
auth-list Configures ap authorization list.
auto-configure Single command to auto-configure.
avc Configures AVC (Application Visibility and Control).
band-select Configures Band Select.
boot Configures the default boot image.
ccx-lite Enable or disable CCX-lite feature
cdp Configure Cisco Discovery Protocol
certificate Configures SSL Certificates.
client Configures a client.
coredump Configures the Core Dump Setting
country Configure the countries of operation.
cts Configure Cisco TrustSec SXP Protocol
custom-web Configures the custom web authentication page.
database Configures the local database
dhcp Configures system dhcp server.
exclusionlist Manages exclusion-list.
flexconnect Configure controller flexconnect parameters.
flow Configure flow.
guest-lan Configures the Wireless LAN Network.
icons Configures the ICON details.
interface Configures system interfaces.
ipv6 Configure IPv6 related parameters.
lag Enables/Disables Link Aggregation (LAG)
ldap Configures LDAP servers (ipv4 or ipv6).
license Configure software license parameters.
linktest Configures linktest frame size and number of frames to send.
load-balancing Configures Aggressive Load Balancing.
local-auth Configures Local EAP Authentication.
location Configure Location parameters
logging Configures Logger parameters.
loginsession Manage User Connections to the Switch.
macfilter Configure static MAC filtering.
mdns Configures mDNS Services/Profiles
media-stream Configure Media Stream
memory Configures memory monitoring for certain types of errors/leaks.
mesh Config mesh ap parameters.
mgmtuser Manages local management user accounts.
mobility Configures the Inter-Switch Mobility Manager
msglog Configures the system msglog parameters.
netuser Configures network user policies and local network user accounts.
network Configuration for inband connectivity.
nmheartbeat Configures the network manager heartbeat Setting
nmsp Configure NMSP parameters.
oeap-acl Configures Access Control Lists for OEAP Split Tunnel.
paging enable or disable scrolling the page.
passwd-cleartext Enable or Disable the showing of passwd in cleartext
policy Configure native profiling policy.
port Configures port mode and physical settings.
profiling Enabling Local profiling update
prompt Change the system prompt.
qos Configure qos parameter.
radius Configures RADIUS Servers.
redundancy Configure WLC redundancy parameters
remote-lan Configures Remote LAN Connections.
rf-profile Configures RF Profile parameters.
rfid Configure options for RFID tag tracking
rogue Configures rogue devices.
serial EIA-232 parameters and serial port inactivity timeout.
service Modify network based services.
sessions Configure CLI session parameters.
slot Configures the slot
snmp Configures SNMP.
split-tunnel-network-list Configure split tunnel network lists. Only become active in split tunnel mode 2.
stats-timer Configures system stats timer.
switchconfig Configure parameters that apply to the switch.
sys-nas Configures the system nas id.
syslog Configures the system syslog mode.
sysname Configures the system name.
tacacs Configures TACACS+ Servers.
time Configures system time or servers.
trapflags Enable or Disable trap flags that apply to the switch.
wgb Configure WGB related parameters
wlan Configures the Wireless LAN Network.
wps Configures WPS settings.
(Cisco Controller) >config redundancy ?
unit Configure redundancy unit [primary | secondary]
(Cisco Controller) >config redundancy unit ?
primary Redundancy unit type is primary
secondary Redundancy unit type is secondary
(Cisco Controller) >config redundancy unit secondary
You can use the show redundancy summary command to verify which WLC is acting as Primary or Secondary.
(Cisco Controller) >show redundancy ?
summary Display Redundancy Facilitator States.
(Cisco Controller) >show redundancy summary
Type of the Unit = Primary // WLC1
(Cisco Controller) >show redundancy summary
Type of the Unit = Secondary // WLC2
You’ll need to reboot WLC2 for AP failover to take effect.
You can reboot the WLC under Commands >
Reboot > Reboot.
To test AP failover to Secondary WLC2, I've shutdown WLC1 (port 1) on SW1 FastEthernet0/13.
SW1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
APf872.eaa6.e203 Fas 0/14 161 T B I AIR-CAP26 Gig 0
WLC1 Fas 0/13 168 H AIR-CT250 Gig 0/0/1
WLC2 Fas 0/16 136 H AIR-CT250 Gig 0/0/1
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface fastethernet0/13
SW1(config-if)#shutdown
AP1 generated failover logs below:
*Apr 12 22:03:50.107: %WIDS-4-SIG_ALARM: Attack is detected on Sig:Standard Id:2 Channel:1 Source MAC:0432.f407.5527
*Apr 12 22:20:37.103: %WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:2 Channel:1
*Apr 12 22:21:54.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.4:5246
*Apr 12 22:21:55.055: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Apr 12 22:21:55.083: %LWAPP-4-CLIENTEVENTLOG: Not sending change state post as the radio admin is down, lrad state = 5
*Apr 12 22:21:55.087: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Apr 12 22:21:55.087: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Apr 12 22:21:55.091: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:21:55.711: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 22:21:56.087: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:21:56.115: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Apr 12 22:21:56.123: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Apr 12 22:21:57.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:21:57.115: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Apr 12 22:21:57.143: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 22:21:57.151: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 22:21:57.159: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 22:21:58.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Apr 12 22:21:58.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:21:58.179: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:21:59.179: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:22:01.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.5 peer_port: 5246
*Apr 12 22:22:01.431: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.5 peer_port: 5246
*Apr 12 22:22:01.431: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.5
*Apr 12 22:22:02.059: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 22:22:02.127: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 22:22:02.935: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:22:03.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:22:03.567: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC2
*Apr 12 22:22:03.687: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Apr 12 22:22:03.807: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Apr 12 22:22:03.935: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Apr 12 22:22:03.935: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*Apr 12 22:22:04.547: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:22:04.715: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 22:22:04.723: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 22:22:04.731: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 22:22:05.715: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Apr 12 22:22:05.723: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:22:05.751: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:22:06.751: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
You can verify if the AP joined WLC2 by going to Wireless > Access points or issue a show ap summary command in CLI.
(Cisco Controller) >show ap summary
Number of APs.................................... 1
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Country IP Address Clients
------------------ ----- -------------------- ----------------- ---------------- ------- --------------- -------
APf872.eaa6.e203 2 AIR-CAP2602I-S-K9 f8:72:ea:a6:e2:03 default location SG 192.168.1.6 0
I’ve re-enabled WLC1 on SW1.
SW1(config)#interface fastethernet0/13
SW1(config-if)#no shutdown
SW1(config-if)#
*Mar 1 02:15:51.327: %LINK-3-UPDOWN: Interface FastEthernet0/13, changed state to down
*Mar 1 02:15:53.558: %LINK-3-UPDOWN: Interface FastEthernet0/13, changed state to up
*Mar 1 02:15:54.565: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to up
SW1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
APf872.eaa6.e203 Fas 0/14 164 T B I AIR-CAP26 Gig 0
WLC1 Fas 0/13 131 H AIR-CT250 Gig 0/0/1
WLC2 Fas 0/16 160 H AIR-CT250 Gig 0/0/1
AP1 re-joined the Primary WLC1:
*Apr 12 22:22:30.899: %CLEANAIR-6-STATE: Slot 0 disabled
*Apr 12 22:22:30.899: %CLEANAIR-6-STATE: Slot 1 disabled
*Apr 12 22:26:01.859: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.5:5246
*Apr 12 22:26:01.919: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Apr 12 22:26:01.943: %LWAPP-4-CLIENTEVENTLOG: Not sending change state post as the radio admin is down, lrad state = 5
*Apr 12 22:26:01.943: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Apr 12 22:26:01.943: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Apr 12 22:26:01.947: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:26:02.567: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 22:26:02.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:26:02.975: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Apr 12 22:26:02.983: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Apr 12 22:26:03.967: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:26:03.975: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Apr 12 22:26:04.003: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 22:26:04.011: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 22:26:04.019: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 22:26:05.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Apr 12 22:26:05.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:26:05.039: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:26:06.039: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:26:18.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.4 peer_port: 5246
*Apr 12 22:26:18.427: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.4 peer_port: 5246
*Apr 12 22:26:18.427: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.4
*Apr 12 22:26:19.971: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 22:26:19.975: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 22:26:20.643: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC1
*Apr 12 22:26:20.767: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:26:21.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:26:21.023: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*Apr 12 22:26:21.095: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Apr 12 22:26:21.103: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Apr 12 22:26:21.767: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Apr 12 22:26:22.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:26:22.131: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 22:26:22.139: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 22:26:22.147: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 22:26:23.131: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Apr 12 22:26:23.139: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 22:26:23.167: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 22:26:24.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 22:26:41.643: %CLEANAIR-6-STATE: Slot 0 disabled
*Apr 12 22:26:41.643: %CLEANAIR-6-STATE: Slot 1 disabled