In a solution with 2 IdentiFi controllers in an HA pair, upon creating a routed topology, 2 subnets are needed per routed topology, correct? One for controller 1 (the local subnet, if configuration is performed there) and the other (the remote subnet) for controller 2.

This leads me to another question: in an enterprise campus, where the APs are spread over several floors but on the same site as the controller pair (local data center in the building), what are the advisable topologies for corporate users (typically 802.1X auth.) and guests (guest portal)? Bridge@AP? Routed mode? The need to have 2 subnets per routed topology with an HA pair seems to add extra complexity, I would say... Not in the controllers themselves, but in the network infrastructure (if not running OSPF, more static routes pointing to the controllers to reach those subnets...).

On the other hand, Bridge@AP, with controllers and APs on the same site, I don't know if that makes much sense either... Is Bridge@EWC the answer? :)

It does seem like you would have to have a subnet for each controller per topology. Otherwise, how would the upstream router know which controller to send the return traffic to in order to get back to your AP? That would get weird when the client roamed to the other controller? I have never run a routed topology, so I am not sure how it works.

I would like to run Bridge@AP. That way it wouldn't matter how someone connected. The question I have had there is whether we can do inter-VLAN roaming while bridged at the AP. If not, we'd be in trouble when we roamed to a new building that has a different VLAN for end users. The downside there, even if inter-VLAN roaming worked while Bridged@AP, is that you would have to have every possible VLAN tagged to every AP. You really don't want to do that. If you route to your buildings, then you'd really be messed up when you roam; I don't see that working at all.

We use Bridged@Controller, and that is what makes the most sense to me if you have dual controllers.

Bridged@AP makes more sense if you have a remote office and you really do not want to tunnel all of the traffic back to the CO over a WAN link.