AP Redundancy

What happens if our AP loses its connection to our WLC? In this lesson, we’ll take a look at how we can configure our APs to fail over to additional controllers.

Exam Topic

4.0 WLAN High Availability
 4.2 Design high availability for APs
  4.2.b Fall-back (assigning primary, secondary, and tertiary)

AP Redundancy Overview

We’ll start this lesson by taking a look at an example topology below.

AP Redundancy Overview

Here we’ve got 10 APs associated to a single WLC: MN-WLC01.

What would happen if MN-WLC01 failed? Chances are, our APs would fail along with it.

Our APs wouldn’t be able to authenticate clients using RADIUS or provide a splash page hosted on the controller to guests.

AP Redundancy Additional Controller

Let’s imagine we now purchase an additional WLC to improve redundancy: MN-WLC02.

How would our APs associate to MN-WLC02 if MN-WLC01 failed?

They could go through the AP discovery phase to detect another WLC, using methods like:

  • Layer 3 broadcast.
  • DHCP (Option 43).
  • DNS.

AP Searching for WLC

There’s one problem with this method, though: our APs would be disconnected from a controller for a significant amount of time whilst they discover and join a new WLC. That isn’t very efficient. How can we improve this?

To combat this and reduce the amount of time it takes our APs to failover to another controller, we can prime them with additional controllers. What we’re doing is telling the AP which controller to associate to if its primary becomes unavailable.

We can configure up to three controllers on each AP:

  • Primary.
  • Secondary.
  • Tertiary.

These controllers are then saved in non-volatile memory so that they’re remembered after a reboot or power failure.

AP Failover CAPWAP Tunnels

Our APs will then build CAPWAP tunnels to each of the controllers that have been primed. The AP however will only associate to a single WLC.

The CAPWAP tunnels built with the other primed controllers are pre-constructed, ready should the AP need to associate to one of those controllers. This drastically reduces the time taken for the AP to fail over to the secondary controller.

AP Failover CAPWAP Primary Failed

To provide some context, MN-WLC01 has now failed. As our AP has been primed with a secondary controller, it uses the pre-built CAPWAP tunnel to associate to MN-WLC02.

AP Redundancy Configuration

Now that we’ve got an understanding of how we can prime APs to provide high availability, let’s look at how we prime our APs. In this example we’ll be using AireOS.

There are two methods of applying the configuration to our APs:

  • Globally.
  • Per AP.

For our configuration, I’ll be using the same topology that we’ve used throughout this lesson. For reference, the topology can be seen below.

AP Failover CAPWAP Tunnels

Per AP Configuration:

1. Navigate to Access Point configuration.

To begin with, we’ll navigate to the AP configuration section of our wireless controller. This can be found by navigating to:

WIRELESS > Access Points > All APs

AP Configuration

2. Select the AP to configure.

We’ll then select the AP that we want to apply the required configuration to. In this example, I’ll be applying the configuration to MN-AP01.

Select AP

3. Apply AP Redundancy configuration.

Finally, we need to navigate to the High Availability tab. We then have the ability to configure our Primary, Secondary and Tertiary Controllers.

In my example, MN-WLC01 is configured as the primary and MN-WLC02 as the secondary.

Applying AP Redundancy Configuration

Global Configuration:

1. Navigate to Access Point Global Configuration.

We’ll start by navigating to the global configuration of our APs. This can be found by navigating to:

WIRELESS > Access Points > Global Configuration

Cisco WLC Global AP Overview

2. Applying Configuration.

Finally, we can then apply the configuration to our APs. In this example, I’ll set the primary controller as MN-WLC01 ( The secondary controller will then be set as MN-WLC02 (

Cisco WLC Global AP Configuration
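
Once the APs are primed, it is worth checking which of them would still be pushed back to discovery if a controller failed. The script below is an added example, not part of the original lesson or of AireOS: it audits a constructed inventory of primed controllers and simulates the loss of MN-WLC01. Only MN-AP01, MN-WLC01 and MN-WLC02 come from the lesson; the other rows and all function names are assumptions made for illustration.

```python
# Constructed inventory: AP name -> primed controllers in priority order
# (primary, secondary, tertiary). None means the slot is not configured.
# MN-AP01 matches the lesson; the other rows are made up for illustration.
PRIMED = {
    "MN-AP01": ("MN-WLC01", "MN-WLC02", None),
    "MN-AP02": ("MN-WLC01", None, None),        # no fallback primed
    "MN-AP03": ("MN-WLC01", "MN-WLC01", None),  # same WLC listed twice
    "MN-AP04": ("MN-WLC02", "MN-WLC01", None),
}

DISCOVERY = "discovery"  # AP must rediscover a WLC (broadcast, DHCP option 43, DNS)


def next_controller(primed, failed):
    """Return the first primed controller that is not in `failed`, else DISCOVERY."""
    for wlc in primed:
        if wlc and wlc not in failed:
            return wlc
    return DISCOVERY


def audit(inventory):
    """Return {ap: [findings]} for APs whose priming gives no real redundancy."""
    findings = {}
    for ap, primed in inventory.items():
        configured = [w for w in primed if w]
        issues = []
        if not configured:
            issues.append("no primary controller")
        if len(set(configured)) < 2:
            issues.append("no distinct fallback controller")
        if len(configured) != len(set(configured)):
            issues.append("controller listed more than once")
        if issues:
            findings[ap] = issues
    return findings


def simulate_failure(inventory, failed):
    """Map each AP to the controller it would use once the `failed` WLCs are down."""
    return {ap: next_controller(primed, set(failed)) for ap, primed in inventory.items()}


if __name__ == "__main__":
    for ap, issues in audit(PRIMED).items():
        print(f"{ap}: {', '.join(issues)}")
    for ap, target in simulate_failure(PRIMED, ["MN-WLC01"]).items():
        print(f"MN-WLC01 down -> {ap} uses {target}")
```
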