Cisco Wireless Controller N+1 Redundancy

For years Cisco has had Wireless LAN Controller (WLC) redundancy for their wireless access points (AP). The setup was simple, simply have an extra WLC as the back up, then configure it the same as the primary. Then in the AP under the “High Availability” tab you can enter the name and IP of the primary, secondary, and tertiary controller. When the primary controller becomes unreachable, the AP will reboot and connect to the secondary controller. This redundancy solution is called N+1, meaning you have an extra controller to handle the load if one of the controllers fail.

This solution works very well, I have it deployed like this in many locations. The challenge with this setup is that you have to purchase licensing for all of your controllers. In an active/standby solution, you need licensing for both of your controllers to handle all of the AP’s, this can be very expensive.

Cisco has come up with an N+1 solution that doesn’t require the expense of purchasing licensing for both primary and secondary controller. In version 7.4 you can purchase the HA-SKU wireless controller. The HA-SKU model is the same controller that you would purchase for the primary controller except it doesn’t require any licenses to work. In my case, I have two Cisco 7510’s, one is the HA-SKU model.

The concept here is to save you money on licensing. You pay for the licensing for the primary WLC, then no licensing for the standby. All AP’s need to connect to the Primary WLC and only connect to the standby when the primary fails. After about 60 days, the HA-SKU standby controller will start sending errors that the AP has been on the controller too long.

There is a N+1 configuration guide. I found that the configuration on the controller is not needed. Simply configure your standby controller to match the wireless configuration on your primary, then add the standby information to the AP (Under High Availability). When the primary controller becomes unreachable, the AP moves to the standby.

In my testing, I used a 1602 AP in Flex Connect mode. The AP took less then 1 minute to move to the secondary controller. The AP did not reboot. Then it took about 1 minute for it to move back to the primary controller.

How has your experience been with N+1 redundancy? Are you using the HA-SKU model and how is it working for you?

If you have enjoyed this article, please consider sharing it with the social media icons below!!

19 thoughts on “Cisco Wireless Controller N+1 Redundancy

  1. I just set up a HA WLC configuration using the HA-SKU where the secondary controller is treated as hot-standby. It hasn’t been deployed, but we tested it in our lab and found it works amazingly with hardly any noticeable service interruption. It is a bit annoying to set up but it is a fantastic solution if you don’t mind both controllers living at the same physical location. If this doesn’t fit your BCP, then it looks like N+1 is best.

  2. On your HA, did you bother with the licensing as it says eval on it? I did the primary/secondary config and it worked amazingly well on different subnets but the license error about it being an eval box worry my client. The guide for HA talks about the box being paired with the primary to obtain its license. I guess the question is does yours still work now after the eval period has stopped?

    • Moomin

      My Cisco product specialist informed me that the license issues start once an AP associates to the controller. Then after a set number of days it starts sending syslog and SNMP traps regarding the license. The number of days was either 30 or 90 days, I don’t remember for sure. Either way, it was long enough to get the primary back up and running.

      The main thing to keep in mind was to use the standby as a standby and not have any APs on it regularly.

      I hope this helps

  3. Hello, Thanks – I am getting the same feedback but when you do a show ver on the controller it still says the controller is in eval mode and will expire in 90 days so I am concerned about leaving site like this. Did you see the same and if you do a show ver what does your license status show you?
    Thanks in advance

  4. Abraham – As long has you have the HA-SKU model of controller, you don’t have to do anything to the HA unit in regards to licensing. You do not have to configure either of them for redundancy either. All config is on the AP, simply placing the HA WLC as the secondary on the AP.

    • thanks scape, but based on the guide I should configure the following in the Primary and HA SKU WLC using GUI:


      Wireless — > Global Configuration — > High Availability —- > Backup Primary Controller IP
      Address — > Management IP of the HA SKU WLC

      Global Configuration —- > Backup Primary Controller Name — > Here, I configured the NAME of the HA SKU WLC.

      In the HA SKU WLC:

      Controller — > Redundancy — > Global Configuration — > Redundant Unit —- > SELECT “SECONDARY” and AP SSO “DISABLED”

      • What redundancy are you looking for? This article is based on one controller in one location while a 2nd controller is at a completely different location.

        If you want them at different locations, then you do not configure redundancy on the WLC’s, but do configure the 2nd WLC on the AP under “High Availability”.

        Keep in mind that the 2nd controller does NOT get it’s config from the primary controller. You have to configure them as two stand alone controllers. Make sure they have the same WLAN config.

        • Hi Scape, I am trying to implement N+1 HA SKU. So I can have 1 WLC providing redundancy to all the others 8+ WLC;’s with no license limitation. All the controllers in the same subnet.

          • Are you able to add the new controller’s name and IP on all of the APs (High Availability tab) as the 2nd or 3rd controller? If you do this, then the AP will jump to the next WLC if the 1st one drops off. The AP will follow the order if WLCs go away.

  5. Hi Scape, I am trying to implement N+1 HA SKU. So I can have 1 WLC providing redundancy to all the others 8+ WLC;’s with no license limitation. All the controllers in the same subnet.

  6. I put a test AP on the HA WLC and I got the following error once the AP was on there longer then 90 days.

    SNMP Trap

    Long Descr.:
    This notification is sent on the event of a generic failure
    between the active and standby unit
    1: cLHaSecondaryControllerUsageTrapType
    Descr=”This object represents the usage of secondary controller. After the usuage of 90 days, one trap is generated per day for over usage.
    usageStart – start of secondary controller usage.
    usageComplete – completion of secondary controller usage period of 90 days.
    overUsage – Secondary controller overusage.”
    Syntax=”INTEGER {
    2: cLHaSecondaryControllerUsageDayCounter
    Descr=”This object represents the number of days the secondary controller is used.”
    3: sysName

    Here is the message from the GUI

    RF Secondary Controller Usage notification TrapType: 3 DaysCounter :219 System Name :

  7. Hi Scape,

    There is a bug that keeps the evaluation license in the Backup WLC under n+1 HA SKU configuration counting down even when the AP leaves the HA WLC and reconnects with its original (primary) WLC.

    I opened in the past a case with Cisco TAC and this issue is solved using version 7.6 minimum. I tested on 7.5 same problem with the timer.

    Basically they removed the 90 days counter from the IOS so now I have more than 50 AP’s on the N+1 HA WLC connected during the last month and the timer is not counting down for those devices. I have not kept an AP connected continuously during 90 days to the N+1 HA WLC. I will give a try and let you know.

  8. Hi, Scape,
    How can I assign access points into AP Groups and Flexconnect Group at wlc-ha? My access points registered at main controller and does not seen at wlc-ha. Do I need to join them into wlc-ha?
    Many thanks to you for the post!

    • You assign the AP to an AP Group on the ADVANCED tab on the access point (Go into the access point on the controller, then click on the ADVANCED tab). You select the AP Group from a drop down menu.

      I’m sorry, but I’m not using Flex Connect Groups. To configure my APs, I have setup templates in Prime Infrastructure and based the sites need, I push out the template with the correct VLANs. In that template I have the primary and backup controller information.

      Can anybody help Klinskoy out with her question on Flex Connect Groups?

    • Hi Klinskoy,

      Let me clarify something. I am assuming you are using HA N+1 WLC not the traditional HA WLC which would imply that you have a redundant WLC to the Main Controller. Like 1 to 1 redundancy. N+1 HA WLC technology allows you (as my case) to provide redundancy to a group of controllers (in my case I have 5 WLC’s pointing to 1 HA N+1 WLC). Based on my different tests in the lab, as soon as main controller fails, ALL the AP’s automatically register with the N+1 HA and sometimes your end users only would have to reauthenticate based on the SSID to which they want to connect. In the N+1 HA WLC I have only 1 subnet for each SSID that I use in the Main controllers so I do not have to assign manually each AP into a Group when they switch to the redundancy WLC during a failure on any of the main WLC’s.

      IMPORTANT to say that you can do this ONLY if you configure the SSID’s in the HA N+1 WLC with an INDEX number from 1 to 16.

      If you need something else, send me an email. Sorry but I am not using Flexconnect.

      Scape is right when he said that using the ADVANCED TAB on each AP allows you to assign manually an AP into an specific group on the HA N+1 WLC. But I am not doing that because that is my redundancy controller so I needed flexibility on that device.

      You can assign an AP to an specific group using Prime Infrastructure (NCS) or using the WLC — > AP — > Advance Tab.

  9. Asked Newbie,

    In case of failure of the main controller, and all aps associate in WLC-HA, I can add new networks? Create new SSID ?, ie I can manage the controller as if you were at home?

    What would be the limitations?


    • Hi Cesar, I have not tested that situation but I would say yes because as soon as the Main Controller fails all the AP automatically join to the HA N+1 WLC and start broadcasting the SSID’s already configured in that WLC. So if you add manually more SSID’s on that HA WLC, the AP’s joined to it eventually would broadcast any new SSID. I do not see why it should not work because the HA WLC limitation is only the number of AP’s it can manage based on the license that you configure on it (by default 5508 comes with a 500 license).

      If you have any other doubt, let me know.

Leave a Reply