This guide is based on a real world deployment and covers all the aspects of the Cisco WLC 2504 High Availability Configuration.
I will be using the topology below.
The Cisco 2504 is a small form factor wireless controller suitable for small to medium sized organisations. It is the only model in the 2500 series.
With support for up to 75 access points and 1000 clients it is a very powerful box.
Cisco 2504 High Availability
In terms of high availability the 2504 does not support SSO (Stateful Switch Over). With the larger controllers you configure them as an HA pair with a single virtual IP address and in the event of a failure of a single controller the AP will seamlessly associate to the second controller.
The 2504 failover model is N+1. This means a Primary controller with a backup controller. There is no communication between the two controllers and they operate as standalone devices, so you have to configure them separately and license them separately.
The failover scenario
Within the AP you configure a Primary and a Secondary controller address.
Go to Wireless / Access Points / All APs / <Click on an AP> / High Availability
The AP is constantly checking that both controllers are active. In the event that the primary controller is unavailable the AP will associate to the secondary controller, this is not a seamless transition and clients will notice a drop but in less than 60 seconds service is resumed.
In order to support this failover on the secondary controller you need to do one of two things.
Ensure the secondary controller is licensed to support the same amount of access points as the primary. (This can be an expensive option)
The most common scenario is to purchase an HA-SKU controller AIR-CT2504-HA-K9.
For a standard controller the HA is replaced with the number of built in license i.e AIR-CT2504-5-K9 – this is a 5 AP license box and is the smallest number of licenses you can purchase.
This is a box dedicated only for failover situations. It does not contain any built in licenses but will support up the maximum for the box (75) access points in the event of a failover for a period of 90 days.
After which time you will start to get license alerts from the controller – after 90 days the access points will continue to work.
You can also convert a standard controller i.e a air-ct2504-5-K9 into an HA-SKU box with the following command
config redundancy unit secondary – as shown below
(Cisco Controller) >show redundancy summary Type of the Unit = Primary (Cisco Controller) >config redundancy ? unit Configure redundancy unit [primary | secondary] (Cisco Controller) >config redundancy unit ? primary Redundancy unit type is primary secondary Redundancy unit type is secondary (Cisco Controller) >config redundancy unit secondary (Cisco Controller) >reset system The system has unsaved changes. Would you like to save them now? (y/N) Y Configuration Saved! System will now restart! Updating license storage ... Done. ## Controller reboots and comes back as a secondary unit ## (Cisco Controller) >show redundancy summary Type of the Unit = Secondary
To configure via the GUI go to Controller / then at the bottom select HA SKU secondary unit – select enabled and reboot
2504 EOL – End of Life Status
At the time of writing (September 2016) I could not find any end of life announcement for the Cisco 2504 wireless controller. It is a little workhorse and currently supports.
The current suggested cisco wlc 2504 firmware is 8.0.133.0
It will support up to the latest firmware of 8.3.102.0.
For the latest firmware information – please refer to this link
Roger Perkin - CCIE #50038 is a Network Automation Engineer & CCIE Consultant based in the UK, currently working for Softcat Plc as a Senior Network & Security Consultant.
Rogers' CCIE Journey | About Roger | Contact | Twitter | Linkedin
Thank you very very much! Very helpful and actual post for me! Could you please clarify for me where did you get this information: “but will support up the maximum for the box (75) access points in the event of a failover for a period of 90 days”? I’m goung to by “2504-50 + 25 AP license + 2504-HA”.
This is taken from the controller itself when initiating failover and also the documentation.
If you want to support 75 APs you buy the 2504-50 + 25 and this will be the live controller and when failover to the HA controller all AP’s will be supported
I’ve noticed that when I tftp the config of my secondary 2504, the file does not contain any lines that show it to be a secondary (ie config redundancy unit secondary). Do the HA-SKU units automatically know they are secondaries?
Ken, the 2504’s have no concept of redundancy or secondary – they are two standalone units. The HA-SKU is only a license feature that allows the secondary controller to run as a backup and then support 75 aps on failover. You configure the AP to point to the primary and secondary controller.
When making any configuration changes on the primary you also need to make that change on the secondary – there is no config sync
When you get to the bigger controllers i.e 5508 or 5520 you then have a concept of redundancy unit secondary.
HI roger,
IN AN N+1 SCENARIO
i have Primary controller with 25 permanent license , secondary with 75 evaluation license and 19 access points joined on primary for now. i think if i convert the secondary controller as ha sku and buy 5 permanent license for it. i can sit back and relax. in case of fail over the 19 ap’s would join the secondary controller (5 permanent license+ha sku) for 90 days. and the timer would reset post 90 days.
ALSO, JUST A HYPOTHETICAL SCENARIO- MY PRIMARY CONTROLLER IS PERMANENTLY DOWN, SECONDARY (5 permanent license+ha sku) REBOOTS ITSELF, WILL ALL MY 19 AP’S COME AND JOIN THE SECONDARY CONTROLLER .
All your AP’s will join the secondary controller (if they are configured with a primary and secondary controller) with the secondary running in HA mode the AP’s will run for 90 days without issue. After that the AP’s will remain connected but you will get a license warning in the console. If your primary controller is permanently down the AP’s will try to join the primary and failing that the secondary (if configured)
I know this is an old post, but i AM GOING TO REPLY IN HOPES OF A RESPONSE. i HAVE TWO 2504’S SETUP IN n+1 MODE. i JUST TESTED THEM DURING AN ios UPGRADE. aLL OF THE aps MOVED OVER TO THE BACKUP CONTROLLER, BUT THEY DID NOT HAVE ANY OF THE ap STATIC ip ADDRESSES LISTED. iS THERE A WAY TO EXPORT THE CONFIG FROM THE PRIMARY wlc TO THE BACKUP CONFIG FOR THE ACCESS POINTS?
Hi Aaron,
I am not sure I understand your question? The AP’s IP address is coded into the AP and has nothing to do with controller config. When an AP loses contact with it’s primary controller it will try to join the secondary (if configured on the AP) if not it will go through the join process looking for a controller. In that process it might reboot and if getting it’s IP from DHCP might get a different IP
I don’t understand where you are looking for static IP. The AP in theory can use any address as long as it can route to the controller.
I know this is an old post but I am wondering if you could answer this question. I currently have 2 standard 2504 WLC there is 21 Aps joined to 1 and 10 to the other. If I convert the second 1 with 10 APs on it will it keep the 10 licenses that are already on it so I can have the same APs PERMANENTLY registered to it? And if so Can i configure the first WLC as HA secondary also meaning that if the the second WLC fails those 10 will move to the original primary. So ESSENTIALLY I have active active FAIL-OVER pair (Without Config Sync Of OFC)
I don’t understand what you mean when you say convert second controller? In an HA setup you should have all the AP’s on Controller 1 and the secondary controller should be just sitting there, the failover license should only allow you to connect to that controller for 90 days – it’s probably moaning about licensing! The AP’s will move wherever you tell them, you just need enough licenses on the controller