After enabling SSO mode on WiSM2, lost access to web

 Number of Interfaces.......................... 5

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       LAG  26       10.1.9.100      Static  Yes    No
redundancy-management            LAG  26       10.1.9.200      Static  No     No
redundancy-port                  -    untagged 169.254.9.200   Static  No     No
service-port                     N/A  N/A      10.8.200.140    Static  No     No
virtual                          N/A  N/A      1.1.1.1         Static  No     No


(WiSM-slot24-1) >show redundancy su
            Redundancy Mode = SSO ENABLED
                Local State = ACTIVE
                 Peer State = STANDBY HOT
                       Unit = Primary
                    Unit ID = 30:E4:DB:39:13:60
           Redundancy State = SSO (Both AP and Client SSO)
               Mobility MAC = 30:E4:DB:39:13:60
Average Redundancy Peer Reachability Latency = 429 usecs
Average Management Gateway Reachability Latency = 506 usecs

Redundancy Management IP Address................. 10.1.9.200
Peer Redundancy Management IP Address............ 10.1.9.201
Redundancy Port IP Address....................... 169.254.9.200
Peer Redundancy Port IP Address.................. 169.254.9.201
Peer Service Port IP Address..................... 10.8.200.141


Accepted Solutions

CSCue66909

Symptom:
Once SSO is enabled, the Standby WLC cannot be accessed via the GUI on service port.

Also, after enabling SSO, telnet on the service port will not work, for standby or active. Hence the following command for WiSM2 will fail:
cat6k#session slot x processor y --> It uses TELNET, and the same is blocked for Service Port with HA enabled

Conditions:
5500/7500/8500 WLCs running 7.3 or higher with SSO enabled.

Workaround:
Standby WLC can be accessed via console connection, SSH on service port, and SSH on the redundant management interface.

4 REPLIES

(WiSM-slot24-1) >show network summary

RF-Network Name............................. KT
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
IPv4 AP Multicast/Broadcast Mode............ Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds

--More-- or (q)uit
Cisco AP Default Master..................... Disable
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Enable
Mgmt Via Dynamic Interface.................. Enable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Enable
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect  ................... Disable
Web Auth Captive-Bypass   .................. Disable
Web Auth Secure Web  ....................... Enable
Fast SSID Change ........................... Disabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
CCX-lite status ............................ Disable
oeap-600 dual-rlan-ports ................... Disable
oeap-600 local-network ..................... Enable
oeap-600 Split Tunneling (Printers)......... Disable
WebPortal Online Client .................... 0
mDNS snooping............................... Disabled
mDNS Query Interval......................... 15 minutes

How can I fix it? I did update to ver 8.0.100.0, that didn't help.

Once you enable AP SSO, you lose visibility to the GUI. Upgrading does not fix this, as that is how it is. If you want visibility to the GUI, then disable AP SSO and set up N+1.

http://www.cisco.com/c/en/us/td/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide.pdf

-Scott