Cisco WLC redundancy with mobility groups.
While LWAPs and wireless LAN controllers streamline and standardize WLAN deployments, they also introduce a single point of failure. If you only have one WLC in your network and you lose all connectivity to it, whether because of a misconfiguration or a general failure, all your LWAPs will go down until they can rejoin that controller (or find another controller to join).
The configuration for this is actually fairly simple (especially if you only have two WLCs). First, issue sh mobility summary to review the current mobility settings. All of these settings matter, but the most important one is the Default Mobility Domain: this is the name of the current mobility group, and both controllers need to be in the same mobility group. (Important: mobility group names are case-sensitive.) If you wish, you can change the mobility domain name with the command config mobility group name group_name.
Once you have decided on a mobility group name and both controllers are in the same mobility group, you need to add each controller's MAC address and IP address as a member of the mobility group on every participating controller. This is done with the command config mobility group member add mac_address ip_address. Mobility group members can be removed by replacing the add keyword with delete. Note that each model of Cisco WLC supports a maximum of 24 mobility group members, so there is a limit, albeit a fairly large one.
Keep in mind that all of this can also be done via the GUI under Controller -> Mobility Management, where everything is laid out in self-explanatory, labelled fields that are easier to configure (just more time-consuming).
Once this is done, issue sh mobility summary again to verify the configuration and confirm that the status of each mobility group member is up.
A few facts to keep in the back of your mind: mobility group messages are exchanged over UDP port 16666, so if there is any kind of firewall between the controllers you will want to create rules or an ACL permitting that traffic between them. You can use the following commands to verify connectivity: ping, eping and mping. The ping command simply verifies layer 1 connectivity, eping verifies that the EoIP tunnel between the controllers has formed (the EoIP, Ethernet over IP, tunnel is what all these mobility messages are exchanged through), and mping tests communication over UDP 16666.
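The verification steps above (matching, case-sensitive group names on every controller, every member listed with its MAC and IP on every peer, every member status Up, the 24-member limit, and UDP 16666 as the mobility port) are easy to get wrong by eye when you have more than two controllers. The following Python script is an added example, not part of the original post or Cisco's tooling: it parses pasted sh mobility summary output from several controllers and reports every mismatch. The sample output is constructed and only loosely modelled on the real command's layout (the exact columns vary by software release), so the regular expressions are an assumption you may need to adjust for your controllers.

```python
import re

# Constructed sample output, loosely modelled on "show mobility summary".
# Controller A uses the group name "CampusGroup"; controller B was typed in as
# "campusgroup" and still lists A under the wrong case, so the tunnel to A is down.
WLC_A = """\
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... CampusGroup
Mobility Group Members Configured................ 2

Controllers configured in the Mobility Group
 MAC Address        IP Address       Group Name       Multicast IP   Status
 00:1a:2b:3c:4d:01  10.10.10.1       CampusGroup      0.0.0.0        Up
 00:1a:2b:3c:4d:02  10.10.10.2       CampusGroup      0.0.0.0        Up
"""

WLC_B = """\
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... campusgroup
Mobility Group Members Configured................ 2

Controllers configured in the Mobility Group
 MAC Address        IP Address       Group Name       Multicast IP   Status
 00:1a:2b:3c:4d:02  10.10.10.2       campusgroup      0.0.0.0        Up
 00:1a:2b:3c:4d:01  10.10.10.1       CampusGroup      0.0.0.0        Control and Data Path Down
"""

MAX_MEMBERS = 24        # per-controller mobility group member limit from the post
MOBILITY_PORT = 16666   # UDP port the mobility messages use

SETTING_RE = re.compile(r"^\s*(.+?)\.{3,}\s*(.*)$")
MEMBER_RE = re.compile(r"^\s*([0-9a-f:]{17})\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+?)\s*$", re.I)


def parse_summary(text):
    """Split one controller's output into (settings dict, list of member dicts)."""
    settings, members, in_table = {}, [], False
    for line in text.splitlines():
        if not in_table:
            m = SETTING_RE.match(line)
            if m:
                settings[m.group(1).strip()] = m.group(2).strip()
                continue
            if line.strip().startswith("MAC Address"):
                in_table = True   # the member table starts after this header row
            continue
        m = MEMBER_RE.match(line)
        if m:
            members.append({"mac": m.group(1).lower(), "ip": m.group(2),
                            "group": m.group(3), "status": m.group(5)})
    return settings, members


def audit(outputs):
    """outputs maps a controller label to its show output; returns finding strings."""
    findings = []
    parsed = {name: parse_summary(text) for name, text in outputs.items()}
    domains = {name: s.get("Default Mobility Domain", "") for name, (s, _) in parsed.items()}

    # Compare names exactly: a case difference is a different mobility group.
    if len(set(domains.values())) > 1:
        findings.append(f"mobility domain names differ (they are case-sensitive): {domains}")

    for name, (settings, members) in parsed.items():
        if settings.get("Mobility Protocol Port") != str(MOBILITY_PORT):
            findings.append(f"{name}: mobility port is not {MOBILITY_PORT}")
        if len(members) > MAX_MEMBERS:
            findings.append(f"{name}: {len(members)} members exceeds the {MAX_MEMBERS} limit")
        for m in members:
            if m["status"] != "Up":
                findings.append(f"{name}: member {m['ip']} ({m['mac']}) is {m['status']}")
            if m["group"] != domains[name]:
                findings.append(f"{name}: member {m['ip']} is in group '{m['group']}', "
                                f"not '{domains[name]}'")

    # Every controller must list every (MAC, IP) pair seen on any controller.
    all_pairs = {(m["mac"], m["ip"]) for _, members in parsed.values() for m in members}
    for name, (_, members) in parsed.items():
        missing = all_pairs - {(m["mac"], m["ip"]) for m in members}
        for mac, ip in sorted(missing):
            findings.append(f"{name}: member {ip} ({mac}) is not configured here")
    return findings


if __name__ == "__main__":
    for finding in audit({"WLC-A": WLC_A, "WLC-B": WLC_B}):
        print("FINDING:", finding)
```

Run against the constructed sample it reports three findings: the case mismatch in the domain names, the downed peer on controller B, and that B lists A under a group name that is not B's own. Feeding it the same healthy output for every controller returns an empty list, which is the state you want to see after the member add commands on each box.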
Note: I would have loved to include my own screenshots, but I do not have two WLCs out of production to work with.