When an AP is fully joined to a controller, the AP learns of all the controllers configured in that mobility group. Should the controllers that an AP is currently registered with go down, the AP will send discoveries to any and all controllers in the mobility group. Assuming one of the controller has the capacity to accept the AP, the AP should join the least loaded controller it can find. If many controllers in the mobility group, it can be difficult to determine what controller the APs will join should their current controller fail.
If you want to have more control over how the APs move between controllers on your network, you can configure the APs with Primary, Secondary & Tertiary controller names. With the controller name configured on APs, the APs always try to register the primary controller first. Should the primary controller go down, the AP tries to register with the secondary controller. If the AP is not able to join any of the configured controllers, it try to join any controller with Master Controller setting configured, or if no Master Controller, then the least loaded controller in the Mobility Group.
AP Failover priority can be used to determine who will register for a controller if there is a contention. You can configure your wireless network so that the backup controller recognize a join request from a higher priority AP and if necessary disassociates a lower priority AP as a means to provide an available port for higher fail over priority AP.
Below show the Primary, Secondary, Tertiary controller settings for a AP.(In High Availabilty tab of AP configuration)
You can configure the same via WLC CLI using following 3 commands.
config ap primary-base <controller_name> <Cisco_AP_name> [controller_IP_Addres]
config ap secondary-base <controller_name> <Cisco_AP_name> [controller_IP_Addre]
config ap tertiary-base <controller_name> <Cisco_AP_name> [controller_IP_Addres]
Here is an example of where I have configured primary,secondary, tertiary controller information for an AP named “1252-c”
(4402-a) >config ap primary-base 4402-a 1252-c 10.10.20.100 (4402-a) >config ap secondary-base 4402-b 1252-c 10.10.10.10 (4402-a) >config ap tertiary-base 4402-c 1252-c 10.10.10.20
Should you want to set a global primary backup and or secondary backup controller for all the APs joined to a particular controller. You can configure this through “Wireless -> All AP -> Global Configuration” section as shown in the below.
You can use CLI to configure this as well.
config advanced backup-controller primary <backup_controller_name> <IP_Address>
config advanced backup-controller secondary<backup_controller_name> <IP_Addres>
Here is the same configuration shown in the above GUI screen capture, if you want to do it via CLI.
(4402-a) >config advanced backup-controller primary 4402-d 10.10.200.10 (4402-a) >config advanced backup-controller secondary 4402-c 10.10.10.20
Following CLI commands can be used to verify those settings.
(4402-a) >show advanced timers Authentication Response Timeout (seconds)........ 10 Rogue Entry Timeout (seconds).................... 1200 AP Heart Beat Timeout (seconds).................. 30 AP Discovery Timeout (seconds)................... 10 AP Local mode Fast Heartbeat (seconds)........... disable AP Hreap mode Fast Heartbeat (seconds)........... disable AP Primary Discovery Timeout (seconds)........... 120 AP Primed Discovery Timeout (seconds)............ 0 (4402-a) >show advanced backup-controller AP primary Backup Controller .................... 4402-d 10.10.200.10 AP secondary Backup Controller .................. 4402-c 10.10.10.20 (4402-a) >show ap config general 3502-d Cisco AP Identifier.............................. 0 Cisco AP Name.................................... 3502-d Country code..................................... Multiple Countries:AU,LK,NZ Regulatory Domain allowed by Country............. 802.11bg:-AE 802.11a:-EN AP Country code.................................. AU - Australia AP Regulatory Domain............................. 802.11bg:-A 802.11a:-N Switch Port Number .............................. 1 MAC Address...................................... 44:d3:ca:af:43:43 IP Address Configuration......................... Static IP assigned IP Address....................................... 10.10.20.4 IP NetMask....................................... 255.255.255.0 Gateway IP Addr.................................. 10.10.20.1 Domain........................................... Name Server...................................... NAT External IP Address.......................... None CAPWAP Path MTU.................................. 1485 Telnet State..................................... Disabled Ssh State........................................ Disabled Cisco AP Location................................ 3750-A Port4 Cisco AP Group Name.............................. default-group Primary Cisco Switch Name........................ 4402-a Primary Cisco Switch IP Address.................. 10.10.20.100 Secondary Cisco Switch Name...................... 4402-b Secondary Cisco Switch IP Address................ 10.10.10.10 Tertiary Cisco Switch Name....................... 4402-c Tertiary Cisco Switch IP Address................. 10.10.10.20 Administrative State ............................ ADMIN_ENABLED Operation State ................................. REGISTERED Mirroring Mode .................................. Disabled AP Mode ......................................... Local Public Safety ................................... Disabled AP SubMode ...................................... Not Configured Remote AP Debug ................................. Disabled Logging trap severity level ..................... informational Logging syslog facility ......................... kern S/W Version .................................... 7.0.116.0 Boot Version ................................... 12.4.2.4 Mini IOS Version ................................ 7.0.112.74 Stats Reporting Period .......................... 180 LED State........................................ Enabled PoE Pre-Standard Switch.......................... Disabled PoE Power Injector MAC Addr...................... Disabled Power Type/Mode.................................. Power injector / Normal mode Number Of Slots.................................. 2 AP Model......................................... AIR-CAP3502I-N-K9 AP Image......................................... C3500-K9W8-M IOS Version...................................... 12.4(23c)JA2 Reset Button..................................... Enabled AP Serial Number................................. FGL1533S1U8 AP Certificate Type.............................. Manufacture Installed AP User Mode..................................... AUTOMATIC AP User Name..................................... Not Configured AP Dot1x User Mode............................... Not Configured AP Dot1x User Name............................... Not Configured Cisco AP system logging host..................... 255.255.255.255 AP Up Time....................................... 0 days, 15 h 37 m 09 s AP LWAPP Up Time................................. 0 days, 14 h 19 m 15 s Join Date and Time............................... Sun Apr 7 08:02:40 2013 Join Taken Time.................................. 0 days, 00 h 01 m 16 s Ethernet Port Duplex............................. Auto Ethernet Port Speed.............................. Auto AP Link Latency.................................. Disabled Rogue Detection.................................. Enabled AP TCP MSS Adjust................................ Enabled AP TCP MSS Size.................................. 1363
When using both the local (primary, secondary, tertiary) and global backup configurations, the locally configured settings take precedence in the event of a controller failure. If an AP is not able to join any of the locally configured controllers, it then tries to join the global backup controllers.
When an AP moves off the primary controller, it joins another controller and stays registered to that controller until the primary controller comes back online. The AP continuous to send primary discovery request every 30s to the configured primary controller. AP primary discovery timeout value is set to 120s by default (it can be value from 30s to 3600s). As soon as the primary controller responds, the AP tries to re-join it.
There may be a situation where APs do not move back to the configured primary controller when that controller is back on the network. When this happens, ensure that AP fallback is enabled under “Controller -> General” section.
If that setting is disabled, the AP remain on the backup controller until you manually reboot them. AP fallback is enabled by default.
To configure AP failover priority, you have to enable this feature globally (“Wireless -> All AP -> Global Configuration”) & then individual APs with a suitable priority level. By default all APs are set to priority level 1 ( Low). Other values are (2- Medium, 3- High, 4-Critical)
Here is the individual AP fail-over priority settings you can choose.
By using CLI you can configure AP fail-over priority as below. To enable this globally you can use “config network ap-priority {enable|disable}” command. Then specify the priority of an AP by entering this CLI command.
config ap priority {1|2|3|4} <Cisco_AP_name>
Here is an example of this CLI usage.
(4402-a) >config network ap-priority enable (4402-a) >config ap priority 3 3502-d
You can verify this by “show network summary” & “show ap summary” CLI output as shown below.
(4402-a) >show ap summary Number of APs.................................... 2 Global AP User Name.............................. Not Configured Global AP Dot1x User Name........................ Not Configured AP Name Slots AP Model Ethernet MAC Location Port Country Priority ------------------ ----- -------------------- ----------------- ---------------- ---- ------- ------ 3502-d 2 AIR-CAP3502I-N-K9 44:d3:ca:af:43:43 3750-A Port4 1 AU 3 1252-c 2 AIR-LAP1252AG-N-K9 c8:4c:75:2c:95:c0 3750-a-PORT3 1 NZ 1 (4402-a) >show network summary RF-Network Name............................. mrn-rfg Web Mode.................................... Disable Secure Web Mode............................. Enable Secure Web Mode Cipher-Option High.......... Disable Secure Web Mode Cipher-Option SSLv2......... Enable Secure Shell (ssh).......................... Enable Telnet...................................... Disable Ethernet Multicast Forwarding............... Enable Ethernet Broadcast Forwarding............... Disable AP Multicast/Broadcast Mode................. Multicast Address : 239.239.239.1 IGMP snooping............................... Enabled IGMP timeout................................ 60 seconds IGMP Query Interval......................... 20 seconds User Idle Timeout........................... 300 seconds ARP Idle Timeout............................ 300 seconds Cisco AP Default Master..................... Disable AP Join Priority............................ Enabled Mgmt Via Wireless Interface................. Disable Mgmt Via Dynamic Interface.................. Disable Bridge MAC filter Config.................... Enable Bridge Security Mode........................ EAP Mesh Full Sector DFS........................ Enable Apple Talk ................................. Disable AP Fallback ................................ Enable Web Auth Redirect Ports .................... 80 Web Auth Proxy Redirect ................... Disable Fast SSID Change ........................... Disabled 802.3 Bridging ............................. Disable IP/MAC Addr Binding Check .................. Enable
.
