
RE: LMS & Backup LMS on different network

  • 1.  RE: LMS & Backup LMS on different network

    Posted Jun 07, 2019 03:00 AM

    Hi,

     

    I have a setup whereby existing site A has 1 pair of WLC running as Master & Standby Master and currently terminating APs at site A.

     

    Due to the cost issue, the new site B will only have a WLC running as a Local WLC. APs at site B have been configured such that the Primary LMS is the IP of the Local WLC at site B and the Backup LMS is the VRRP IP of the 2 WLCs at site A.

     

    Since the Master and Local WLC are on different networks, do I need to include the WLAN VLAN of Site B on the Master WLC?

     

    And I can still use "Tunnel" as the forward mode for the virtual AP profile.

     

    Background: I have successfully provisioned the AP, and the current switch the AP is reporting to is the Local WLC at site B.

     



  • 2.  RE: RE: LMS & Backup LMS on different network

    Posted Jun 07, 2019 05:58 AM

    When an AP fails over, it obtains a new configuration from the new controller, based on the AP-Group.  It can be completely different including the VLAN.



  • 3.  RE: RE: LMS & Backup LMS on different network

    Posted Jun 09, 2019 12:02 AM

    Hi cjoseph, thank you for your quick response.

     

    In that case, if the new SSID for the clients at the new Site B is using VLAN 80, it must be configured on the Local WLC at Site B.

     

    My question is, do I also need to configure VLAN 80 on the Master WLC, which is at Site A?

     

    If it is not necessary, how does the wireless client traffic at Site B transit when the Local WLC at site B fails over?



  • 4.  RE: RE: LMS & Backup LMS on different network

    Posted Jun 09, 2019 05:03 AM

    The local controller can only be configured by the master with a global configuration.  What must be the same is the WLAN name, encryption, et cetera.  If you configure the VLAN number, it must be the same.  What is typically done is that you configure a VLAN name on the master and that is pushed to the local, but the VLAN name to number mapping is configured at the local to match whatever you have at the local site, on the local controller.  For example:

     

    WLAN = Employee

    VLAN = Employee (Master)

    Vlan name Employee = 25 on the master

    Vlan name Employee = 50 on the local

     

    When the access point fails over from the master to the local, a deauth is sent to the client, so the client acquires a new ip address based on the VLAN on the local.
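    As an added illustration of the name-based mapping described above (not part of the thread, and not Aruba's own documentation): the same VLAN name is referenced in the global WLAN config, while each controller maps that name to its own local VLAN ID. The command syntax is assumed from the ArubaOS 6.x CLI and should be checked against your release; lines starting with "!" are annotations, not commands, and the names and IDs are the ones from the post.

```text
! --- Master controller: global configuration, pushed to the local ---
vlan-name Employee
vlan Employee 25
! The virtual AP references the VLAN by NAME, never by number,
! so the pushed profile stays valid at every site.
wlan virtual-ap "Employee"
   vlan Employee
   forward-mode tunnel

! --- Local controller at site B: local configuration only ---
! Same name as on the master, but mapped to the site-local ID.
vlan-name Employee
vlan Employee 50

! --- Check on either controller that the name resolves as intended ---
show vlan mapping
```

    If the virtual AP had instead been configured with a literal VLAN ID, that ID would have to exist on every controller the AP can fail over to, which is exactly the situation the original poster is trying to avoid.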



  • 5.  RE: RE: LMS & Backup LMS on different network

    Posted Jun 09, 2019 05:57 AM

    Hi cjoseph,

     

    I am a bit confused by your explanation. Maybe I will attach a drawing to clear up our understanding.

     

    In the drawing, existing site A has APs broadcasting an SSID called EmployeeA, VLAN 75. In the new site B, APs will be broadcasting an SSID called EmployeeB, VLAN 25.

     

    The Primary LMS is the Local WLC at Site B; the backup LMS is the Master WLC at Site A. My main question is, do we need to include VLAN 25 (EmployeeB) on the Master WLC?

     

    [attached drawing: topology]



  • 6.  RE: RE: LMS & Backup LMS on different network

    Posted Jun 09, 2019 09:50 AM

    If you are not using that VLAN at that site, NO. 




  • 7.  RE: RE: LMS & Backup LMS on different network

    Posted Jun 10, 2019 02:12 AM

    Hi cjoseph,

     

    Noted. But could you explain briefly how the client traffic will be processed in the event that the Local WLC in Site B is down? I cannot understand how it is able to work without including the VLAN of site B on the Master controller at site A.



  • 8.  RE: RE: LMS & Backup LMS on different network

    Posted Jun 10, 2019 10:35 AM

    When the access point fails over, it re-downloads the configuration from the controller it is connected to and sends traffic to that VLAN.



  • 9.  RE: RE: LMS & Backup LMS on different network

    Posted Aug 28, 2019 09:47 AM

    Hi Joseph,

     

    I have tried to fail over the AP. The AP did fail over to the Master WLC at the remote site. However, the wireless client lost its IP address and cannot connect to the AP.

     

    Can you advise?



  • 10.  RE: RE: LMS & Backup LMS on different network

    Posted Aug 28, 2019 10:02 AM

    The problem is that the AP does not deauthenticate the client, so the client believes it is still on the same VLAN.

     

    Do you have Control Plane Security enabled?



  • 11.  RE: RE: LMS & Backup LMS on different network

    Posted Aug 28, 2019 10:29 AM

    Hi Joseph,

     

    Yes, CP Sec is turned on. I have just read an article from https://tinyurl.com/y44awwpq 

     

    "Role of Local:

    Using the certificate obtained from the Master, the local controller will be able to certify the APs terminating on the corresponding controller. In the event that a local controller is unable to communicate with the Master controller (and if control plane security is enabled), it will be unable to certify the APs until the master-local communication is restored."

     

    Is it true that we need to turn off CPSec? We tested the failover by disconnecting the link to our distribution switch, which ultimately loses connectivity to the Master WLC.



  • 12.  RE: RE: LMS & Backup LMS on different network

    Posted Aug 28, 2019 11:41 AM

    I was asking about CPSec, because APs should deauth clients when they fail over, so the clients should re-DHCP and obtain a new IP address.