Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

LMS for remote APS

  • 1.  LMS for remote APS

    Posted Oct 20, 2013 03:15 PM

    Hello, I was wondering if this is possible.

     

    Scenario

    Branch with private link and internet connection

     

    Is it possible to have an AP in RAP mode, for example an AP 105, with the LMS pointing to the private IP of the controller and the backup LMS pointing to the public IP address? So when the private link dies, it will fail over to the internet, building the IPsec tunnel and still having a connection to the central site via the internet?

     

    Cheers

    Carlos

     

     

     

     



  • 2.  RE: LMS for remote APS

    EMPLOYEE
    Posted Oct 20, 2013 03:20 PM

    Yes.



  • 3.  RE: LMS for remote APS

    Posted Oct 20, 2013 03:22 PM

    Is it not recommended? Or is it okay? :)

     

    If it's not recommended, why?

     

    The only bad thing I can see with this is that it will create an unnecessary IPsec tunnel when traveling through the private link.

     

    Cheers

    Carlos



  • 4.  RE: LMS for remote APS

    EMPLOYEE
    Posted Oct 20, 2013 03:24 PM

    @NightShade1 wrote:

    Is it not recommended? Or is it okay? :)

     

    If it's not recommended, why?

     

    The only bad thing I can see with this is that it will create an unnecessary IPsec tunnel when traveling through the private link.

     

    Cheers

    Carlos


    What is your use case?  If you have a private internet connection and the WAN link is down, the internet is probably down too, right?



  • 5.  RE: LMS for remote APS

    Posted Oct 20, 2013 03:31 PM

    Nope... the private link is a point-to-point link that does not have anything to do with the internet connection...

     

    A private link, at least for me, is a link that you can buy from the ISP.

     

    Physically, the ISP installs a transceiver in your branch and also installs a transceiver at the central site. Your data goes through the ISP network but never goes to the internet.

     

    Then you have ANOTHER transceiver which leads you to the internet. You can lose the point-to-point private link but not necessarily the internet. At this site the client would like to use the internet as a backup link that works automatically for the wireless users.

     

    So in the end there will be cases in which the client will lose the private link but not the internet link on both sides.

     

    Cheers

    Carlos



  • 6.  RE: LMS for remote APS

    EMPLOYEE
    Posted Oct 20, 2013 03:43 PM

    @NightShade1 wrote:

    Nope... the private link is a point-to-point link that does not have anything to do with the internet connection...

     

    A private link, at least for me, is a link that you can buy from the ISP.

     

    Physically, the ISP installs a transceiver in your branch and also installs a transceiver at the central site. Your data goes through the ISP network but never goes to the internet.

     

    Then you have ANOTHER transceiver which leads you to the internet. You can lose the point-to-point private link but not necessarily the internet. At this site the client would like to use the internet as a backup link that works automatically for the wireless users.

     

    So in the end there will be cases in which the client will lose the private link but not the internet link on both sides.

     

    Cheers

    Carlos


    What you want with WLAN is to make it deterministic and not complicated.  Once you have to contend with failover/failback and timers between a public vs a private link, you make it more nondeterministic.

     

    Is there a level of uptime that is expected of this site?

    Do your users expect the WLAN to be up when the point to point link is down?  

    What applications do you expect to continue to work when the point to point is up vs. when it is down?  

    What applications do you want to make available?  Will IP addressing still work properly upon failover?

    How will applications work if you decide to fail back?

    What timers should you have in place to determine when the point to point is down and attempt to fail back when it is up?

    Who will provide DHCP for devices upon failover?  

     

     

    If you just tie uptime of the WLAN to the point to point connection, everything is simpler and you do not have all of these questions to answer...  If the point to point had some redundancy you would manage the entire site by the status of that, instead of having to contend with multiple issues created by redundancy and timers.

     



  • 7.  RE: LMS for remote APS

    Posted Oct 20, 2013 03:55 PM

    Answering your questions

     

    Is there a level of uptime that is expected of this site? Yes, they would like to always have uptime for the users that are using Wi-Fi.

    Do your users expect the WLAN to be up when the point to point link is down? Yes.

    What applications do you expect to continue to work when the point to point is up vs. when it is down? I would need to ask the client, as you are right: if they are really heavy apps without terminal services, this might not work.

    What applications do you want to make available?  Will IP addressing still work properly upon failover? I believe so, as I would be doing tunnel mode, so I think that when the connection is lost on the point-to-point it will fail over to the internet, creating the IPsec tunnel again but now through the internet instead of through the point-to-point.

    How will applications work if you decide to fail back? Faster? :)

    What timers should you have in place to determine when the point to point is down and attempt to fail back when it is up? Doesn't it fail over automatically with LMS Preemption, when it detects again that the wireless controller is up with the other IP?

    Who will provide DHCP for devices upon failover? The central site, as it will rebuild the IPsec tunnel through the internet and the VAP will be in tunnel mode.

     


    Keep in mind that this is a small office with a few users... just 1 AP, MAX 2 APs... for now they will have just one AP.

     

    Cheers

    Carlos



  • 8.  RE: LMS for remote APS

    EMPLOYEE
    Posted Oct 20, 2013 04:00 PM

    Your most expensive recurring cost is the point to point WAN link.  They need to make THAT as resilient as possible and allow the AP to ride the status of that tunnel.  Trying to create a failover infrastructure with a remote AP is more complicated.  If there is just degradation, instead of a pipe being down, do you create unnecessary failover?  There are many more considerations if you do not simply tie the access point to the status of the tunnel.

     



  • 9.  RE: LMS for remote APS

    Posted Oct 20, 2013 04:10 PM

    Well, I would need to tell them that before doing it, to see what the client thinks...

     

    I thought that the failover was just tied to the status of the tunnel and that's it. If he cannot reach the controller anymore then he would switch to the other AP; when he sees the point-to-point IP up again he will switch again with the preempt option.

     

    Yes, it is possible that it could do an unnecessary failover, for example if the point-to-point is not working properly and it starts failing over again and again... but that could be fixed if the admin just unchecks the preempt option, though.

     

    Didn't think you would need to think about so many things.

     

    Cheers

    Carlos



  • 10.  RE: LMS for remote APS

    Posted Oct 20, 2013 04:15 PM

    The other thing I forgot to tell you is that I feel the client does not really NEED this failover. They are like, "Well, the AP can do it, NICE, let's do it." Got it? It's not like something they really NEED. They just asked me, can it do that???? If it can, nice! Let's put it in!

     

    Of course, they expect to be always up with this, though, but I can still explain to them the issues they could have, like for example what you said: unnecessary failovers...

     

    Cheers

    Carlos



  • 11.  RE: LMS for remote APS

    EMPLOYEE
    Posted Oct 20, 2013 04:21 PM

    @NightShade1 wrote:

    The other thing I forgot to tell you is that I feel the client does not really NEED this failover. They are like, "Well, the AP can do it, NICE, let's do it." Got it? It's not like something they really NEED. They just asked me, can it do that???? If it can, nice! Let's put it in!

     

    Cheers

    Carlos


    If your customer depends on his point to point link for access back to his network, he should continue to do so, and the access point should just ride that connection.  It is too confusing to train staff what happens when the point to point is down and the access point is up,  or every other combination of that, especially for a small site.



  • 12.  RE: LMS for remote APS

    Posted Oct 20, 2013 04:23 PM

    Thanks for the advice!

     

    Cheers

    Carlos