How to build redundancy with Cisco 2504 WLC at remote location

kisssanyi · ‎02-09-2016

Dear Experts,

We would like to raise the fault tolerance on a higher level with our wireless network.

We have a headquarter and some larger remote offices around Europe where we are using a single Cisco 2504 WLC and 4-5 Access Points per site.

At smaller offices we are using Flexconnect AP with local switching, where Flexconnect AP connects to headquarters WLC.

My question is how can I survive a WLC hardware issue at one location while internet access is working properly? Is there any way to act APs at headquarter like a flexconnect AP in case they loose connectivity with local WLC? I mean they will be managed by a WLC from a large office in different country, but user traffic would be switched locally.

I don't want to send CAPWAP encrypted traffic from AP to WLC in different Country, because user traffic will load not only the local internet line but remote location internet connection as well, where WLC would decrypt the traffic end send user request to the internet.

Hereby a simple topology diagram is attached.

Sorry for my bad english, but hope you get my concern...

Any advise and help is highly appreciated!

Thank you!

Sandor

Freerk Terpstra · ‎03-06-2016

Hi Sandor,

You can deploy FlexConnect for your bigger locations as well if you want to (I have done this myself for some customers who bought the vWLC solution). The big downside of this is that your client VLANs need to be everywhere where the access-points are because there is no tunneling anymore. This also means that the client's point-of-presence within the network will move with every roam which can cause MAC flaps depending on your LAN design. Because of this I recommend you to just buy another 2504 for every "HA" location instead (search for the mobility bundles which provides a free 2504 with 25 licenses when you buy two access-points).

For the FlexConnect locations just configure multiple controllers under the HA tab of the access-point so you have predictive fail-over. Make sure that the "local switching" setting is enabled on all the controllers which you will use for this. This setting has no impact for joined access-points in "local mode". Also check that the WLAN-VLAN mappings still work during the fail-over and after the fail-back. If you use FlexConnect groups make sure that the MAC addresses of the access-points are added on all controllers. This needs to be done on all controllers manually.

Please rate useful posts... :-)

kisssanyi · ‎03-25-2016

Hi Freerk,

Thank you very much for your precise suggestion.

To be honest I was thinking on these possibilities:

- Deploy 2 WLC in HA to 2 large offices (like two HQ) and configure remote location FlexConnect APs to connect to these WLCs (of course they would use local switching). This would be the most fault tolerant solution.

- Deploy 1-1 WLC to 2 large offices and convert their APs to Flexconnect AP. With this we could face MAC flaps as you described and we would loose traffic type statistics.

- Deploy 1-1 WLC to 2 large offices and configure router faceing wtih ISP router to act as DHCP server. It could propagate option values to APs with WLC IP addresses. When the APs would loose connection to local WLC they would receive remote WLC IP via DHCP and would be converted to Flexconnect AP automatically. But switchback could be solved just with some EEM scripting which would reset APs when local WLC comes back. Too difficult solution I think.

In sum your proposal seems to be the most professional solution, so I'll implement that one if I get budget for it. :-)

Thanks,

Sandor