Wireless Access

Hello 

I have a controller in my headquarter, in this site i have 2 different wan links to provide redundancy.

I have some RAPs in my remote site, and need to provide redundancy in case of failure of one of the wan links of the headquarter.

How can i configure it for my raps?

I have tryed to use LMS but it don´t works fine for the RAPs.

Could you help me ?

Regards

Thiago

please refer to the Geographical Redundancy for RAP Deployments in the RAP VRD for full details; but in summary:

When considering redundancy for RAPs, there are two components.  

1) The provisioning name 

2) The LMS

You can handle the first by either setting up a DNS entry with two IPs; one for each of your locations; that way if one controller is down, RAPs can still find their way to a controller to get their configuration.....which is where the second piece comes in.  The second is handled by the primary/backup LMS IPs (external IPs, not internal).    

(Both controllers need the RAP whitelist)

Another question:

If i need to point 2 different controllers in 2 different locations, it is possible since the same configuration exists on the 2 sides, right ?

In this case i need to use LMS too?

---

@taraujo wrote:

Another question:

 

If i need to point 2 different controllers in 2 different locations, it is possible since the same configuration exists on the 2 sides, right ?

 

In this case i need to use LMS too?

---

Yes...that should work just like in the CAP scenarios for failover.

Hello 

Thank you for the help. 

I did a lab yesterday and the lms works, i just needed to adjust the VPN retries to reduce the downtime.

there Is any other parameter i can adjust to improve the reconnection time ?

Regards

A third option (for RAP3s and 155s or any Instant AP) is to use Instant + VPN as documented in the Instant user guide.  

Essentially, you move from a L2 extension in the RAP mode (note all the broadcast and multicast knobs per best practice in Chris's link to our VRD) to a L3 extension with routable subnets per RAP.  There are major architectural differences but for scaling purposes, please consider using our RAPs as Instant APs and enabling an IPSec tunnel to a mobility controller.  

The benefits are:

1. < 1 minute failover as you can enable two IPSec tunnels to two controllers.

2. L3 connectivity vs. L2 connectivity meaning the RAP clients' gateway is the RAP.  Each home/remote site is its own subnet.  Think broadcast containment, etc...

3. Plug and play (since it's instant) for adding another AP or two.  Also note that IF the demark in the home is NOT in an optimal spot, with Instant, we can enable "wifi uplink" whereby you have an AP where the modem is and you can form a wireless link to another AP where the user may be physically located.

4. No AP/PEF licensing on the controllers (recommend PEF-V however)

5. Scalability numbers well north of AP capacity limits on controllers as all intelligence (control and mangement planes) are distributed.

There are many more but at scale, Instant + VPN is a much more robust solution we have been working on and now have in place for a little while now...