HA Fast Failover

    Posted Jun 24, 2014 03:47 PM

    Hey guys...got a quick question. I'm trying to setup HA Fast Failover on a new enviroment. I have 1 Master controller which sets in our Main Datacenter and a local controller which sits on our campus. I'd like a Master/Standby scenerio that has all AP's on campus connecting to the local controller. Only when the Local controller fails or goes down to I want that traffic to be handled by the Master.


    I have my HA group setup and I did setup the configuration to have the Local act as the Active and the Master act as the Standby using both of there loop back addresses. Well this didn't work and in fact the two test AP's i have on these controllers actually lost communication. They wouldn't come back online until I set both of them up as "DUAL" instead of Active Standby. I've looked over the documentation and it seems very straight forward. Both controllers are in the same HA group.


    Any advice.

    Posted Jun 24, 2014 11:04 PM

    Instead of answering your question first, I think a question to you must be asked first.


    You mentioned that your controllers are in different parts of your network physically.  Logically though, is your master controller capable of putting the wireless clients on the same VLAN(s) as our local controller?  If not, your wireless APs will failover to your master controller and all the clients will have to re-IP.  There would not be any benefit in setting up Fast Failover if that's the case.  Just want to clear that up before proceeding.

    Posted Jun 25, 2014 07:31 AM

    Your right. logically i'm in a bit of an issue. My master controller has no access to the VLAN/subnets that hte SSIDs are essentially assigned to. May need to take another look at this and possibly use a 2nd Local controller on campus. Fail between both of them.

    Posted Jun 25, 2014 07:33 AM

    That would definitely be the recommended configuration.

    Posted Jun 25, 2014 05:14 AM

    First of all make sure that all your network connectivty is working very and as I can see from your scenario youhave 1 master 1 local and you want to terminate access point on local if everything works well and fail to master if local fail right?!


    the best scneario is to setup tunnel normally between the 2 controllers typeing :


    on Maste:


    localip x.x.x.x IPSEC <key>



    on local:


    Masterip x.x.x.x IPSEC <key>


    now you should note that the tunnel will be intiated from the controller interface IP for example if you use Iterface VLAN 30 as the controller source vlan it will be intiated from this VLAN


    to verify the tunnel :


    type on both controllers:


    show crypto IPSEC SA



    now lets get back to our main issue (AP fast Fail over):



    you can do that through HA profiles you can use this tool to get CLI for many solutions and youwill find Fast fail over




    now create AP system and put in LMS <the local IP addrress>

    and on Backup LMS <Master IP>

    and check LMS preemption box if you want the access point get back to teh controller when it available back again

    you will need centeralized license if you have no license terminated on local controller use centralized license to get license from Master


    now on AP side on DHCP server that give IP to access points make sure to use Option 43 with the IP address of the controller (Local) so access point can discover the controller.


    if you found my solution solvent kindly hit accept as a solution.