Cisco 9800 Wireless 2024 – Phase 8 – WLC and AP (Local/Flex) Redundancy Planning – Part 1


  • High availability is a requirement for wireless controllers to minimize downtime in live networks.
  • AP and Client Stateful Switch Over (SSO) are supported on the physical appliances and the virtual cloud platforms of the Catalyst 9800 Wireless Controllers.
  • HA Pair can only be formed between two wireless controllers of the same form factor.
  • Both controllers must run the same software version to form the HA Pair.
  • Maximum RP link latency = 80 ms RTT, minimum bandwidth = 60 Mbps, and minimum MTU = 1500.

Cisco 9800 VPC on Nexus

Cisco 9800 HA on 17.X

Cisco 9800-CL HA


Configuring a highly available wireless network requires thorough planning, testing, and validation. HA is typically designed around zones, national regions, or global networks.

Example: Data Center SSO – United States by Regions West and East

Reference: https://www.fla-shop.com/resources/us-regions/

Local Controller Redundancy

Reference: https://www.fla-shop.com/resources/us-regions/


CAPWAP Session Establishment

Control And Provisioning Wireless Access Point (CAPWAP) is the protocol that provides the transport mechanism used by Access Points (APs) and Wireless LAN Controllers (WLCs) to exchange control and data plane information over a secure communication tunnel (for CAPWAP Control).

To follow the AP join process, you first need to understand the CAPWAP session establishment process.

Please keep in mind that the AP needs to have an IP address before being able to start the CAPWAP Process. If the AP does not have an IP address, it does not initiate the CAPWAP Session Establishment Process.

  1. Access Point sends a Discovery Request. See the WLC Discovery Methods section for more information on this.
  2. WLC sends a Discovery Response.
  3. DTLS session establishment. After this, all messages are encrypted and shown as DTLS application data packets in any packet analysis tool.
  4. Access Point sends a Join Request.
  5. WLC sends a Join Response.
  6. AP performs an image check. If it has the same image version as the WLC, it proceeds with the next step. If it does not, it downloads the image from the WLC and reboots to load the new image. In such a case, it repeats the process from step 1.
  7. Access Point sends a Configuration Status Request.
  8. WLC sends a Configuration Status Response.
  9. Access Point goes to RUN State.
  10. During the RUN state, CAPWAP Tunnel Maintenance is performed in two ways:
    1. Keepalives are exchanged to maintain the CAPWAP Data tunnel.
    2. The AP sends an Echo Request to the WLC, which has to be answered with its respective Echo Response to maintain the CAPWAP Control tunnel.
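
As an added example (not from the original post or from Cisco), the Python below walks a recorded message sequence through the steps above and reports where a join stopped, how often the AP went back to step 1, and any post-DTLS message seen before the DTLS session existed. The (sender, message) trace format, the "DTLS Established" marker, and the sample traces are assumptions made for illustration.

```python
# Added example (not from the original post): tracks the CAPWAP join steps
# listed above. The (sender, message) trace format is an assumption.
STEPS = [
    ("AP", "Discovery Request"),
    ("WLC", "Discovery Response"),
    ("AP+WLC", "DTLS Established"),   # stands in for the whole DTLS handshake
    ("AP", "Join Request"),
    ("WLC", "Join Response"),
    ("AP", "Configuration Status Request"),
    ("WLC", "Configuration Status Response"),
]
DTLS_STEP = 2  # index of the DTLS step; every later step must be encrypted
RUN_TRAFFIC = {("AP", "Echo Request"), ("WLC", "Echo Response"),
               ("AP", "Keepalive"), ("WLC", "Keepalive")}


def track_join(trace):
    """Walk a trace and report how far the AP got through the join steps."""
    pos, restarts, errors = 0, 0, []
    for number, event in enumerate(trace, start=1):
        if event == STEPS[0] and pos > 0:
            restarts += 1   # back to step 1, e.g. reboot after image download
            pos = 1
        elif pos < len(STEPS) and event == STEPS[pos]:
            pos += 1
        elif pos == len(STEPS) and event in RUN_TRAFFIC:
            continue        # tunnel maintenance while in RUN state
        elif event in STEPS and STEPS.index(event) > DTLS_STEP >= pos:
            errors.append(f"event {number}: {event[1]} before DTLS session")
        else:
            errors.append(f"event {number}: unexpected {event[1]}")
    state = "RUN" if pos == len(STEPS) else f"waiting for {STEPS[pos][1]}"
    return {"state": state, "restarts": restarts, "errors": errors}


# Constructed trace: AP with an older image joins, downloads the image,
# reboots, then completes the join and starts Echo maintenance.
UPGRADE_TRACE = STEPS[:5] + STEPS + [("AP", "Echo Request"),
                                     ("WLC", "Echo Response")]
# Constructed trace: a Join Request seen before the DTLS session exists.
PLAINTEXT_JOIN_TRACE = STEPS[:2] + [("AP", "Join Request")]

if __name__ == "__main__":
    for name, trace in (("upgrade", UPGRADE_TRACE),
                        ("plaintext join", PLAINTEXT_JOIN_TRACE)):
        print(name, track_join(trace))
```

A restart count that keeps growing for one AP points at a join loop, and a "before DTLS session" error marks control traffic that should never appear outside the encrypted tunnel.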

The AP successfully joined the WLC

The AP can be renamed and given a location via the CLI:

la9800-1#ap name AP80E8.6FD8.2C20 name LAP_NY_2_AP1832I

ap name LAP_NY_2_AP1832I location "NY2 2ND FLOOR"
ap name LAP_NY2_3800 location "NY2 2ND FLOOR"

la9800-1#ap name LAP_NY_2_AP1832I name LAP_NY2_1832I

Part 2 will cover the AP join profile and the associated high-availability configuration.
