Video Series - New Features introduced in Wireless LAN Controller 7.3 Release
You can also check High Availability Architecture in Wireless LAN Controller – 7.3 Release. More details on High Availability (AP SSO) Deployment Guide.
Please do feel free to drop in your queries, I will be glad to answer them.
Do Rate the Videos!
Really your video is very helpful for me to understand the actual process of enabling the AP-SSO operation.
I have few questions to you....
1. Is it, the Redundant management IP address is pingable?
2. How to verify the port status of Redundant port?
3. I am having 1000 AP license in each Flex Controller, is it possible to merge two licenses into a single one and get a total of 2000 APs license. Since the requirement is to have minimum license only on secondary and doesn't require any license on Primary.
Please advise on this at your earliest..
Glad you liked the information shared in this video.
1. Yes, the RMI is pingable. Because RMI has to verify the management gateway reachability as it is a critical decision making factor for controllers to trigger failover & take up roles (active/standby) accordingly.
2. There is no way to identify the RP status. Max. you can try is to ping the RP IP address of peer as they are pingable ONLY between peer controllers and not on infra.
3. No, you can't merge licenses. True, the requirement to have 0 or minimum 50 AP license count is there to make the unit as secondary. The number of APs will be served by the paired up controllers based on the AP count you have on Primary controller. For instance, if Primary has 12 AP license and Secondary is with bare minimum 50 AP count. Once you pair up the controllers, the total AP count serve will be 12.
Please do keep posting your comments/feedback/doubts and don't forget to rate the video and solution to your questions/comment
Thanks for your quick response...
I am not able to ping the RMI address on both the Flex Controllers. I have connected the cable and tested the Layer 1 is good and followed the IP address assignment as per the document.
I have attached the snap shot of both the Controllers and also, please see the below mentioned output.
(Cisco Controller) >show port sum
           STP   Admin   Physical   Physical   Link   Link
Pr  Type   Stat  Mode    Mode       Status     Status Trap    POE
-- ------- ---- ------- ---------- ---------- ------ ------- ---------
1  Normal  Forw Enable  Auto       10000 Full Up     Enable  N/A
2  Normal  Forw Enable  Auto       10000 Full Up     Enable  N/A
(Cisco Controller) >show interface sum
Number of Interfaces.......................... 7
Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       1    untagged 10.222.11.50    Static  Yes    No
redundancy-management            1    untagged 10.222.11.52    Static  No     No
redundancy-port                  -    untagged 169.254.11.52   Static  No     No
pfg-guest                        1    84       10.21.84.100    Dynamic No     No
pfg-mil-160m                     1    8        10.29.8.6       Dynamic No     No
service-port                     N/A  N/A      0.0.0.0         DHCP    No     No
virtual                          N/A  N/A      188.8.131.52    Static  No     No
(Cisco Controller) >ping 10.222.11.52 ------------------------------> RMI - Primary
Send count=3, Receive count=0 from 10.222.11.52
(Cisco Controller) >ping 10.222.11.50 ------------------------------> Primary Mgmt IP
Send count=3, Receive count=3 from 10.222.11.50
(Cisco Controller) >ping 10.222.11.51 -------------------------------> Secondary Mgmt IP
Send count=3, Receive count=3 from 10.222.11.51
(Cisco Controller) >ping 10.222.11.53---------------------------------> Peer RMI - Secondary
Send count=3, Receive count=0 from 10.222.11.53
(Cisco Controller) >
thanks for the post
can we connect both RP of WLCs via switches
yes, keep it in layer 2. However, recommended would be to connect them back to back.
I have two standalone WLCs 5508 with 50 base license for each one but the WLCs located in different data centers that connected via fiber cable.
my action plan is
-specific vlan Y at both switches to connect the RP ports with access mode.
-WLCs management and RMI at same subnet (vlan X) with tagging at both switches and WLCs interfaces.
-do the rest of configurations like video
any recommendation is appreciated
Yeah RPs need to have L2 adjacency.
Right, since RMI intf is created as part of the mgmt subnet, you would need to keep them in same vlan as you also suggested above.
Configuration sync and keepalives will be sent across RP.
Don't miss to keep below into consideration :-
1. RTT Latency on the redundancy link is 80 milliseconds by default. The RTT should be 80% of the Keepalive timer which is configurable in the range 100-400 milliseconds.
2. Failure detection time is 3*100 + 60 + jitter (12 msec) = ~400 msec
3. Bandwidth: 60 Mbps or more
4. MTU: 1500
Hope this helps... Good luck!
thanks so much for reply , I appreciate that
I only have a doubt about if something is missed or goes wrong during HA configuration, will I lose my configuration of the WLC as one of them is used as a primary one to connect 40 APs.
what expected time to do this action ,just to ask for a suitable outage time
1. You may lose out on WLC's configuration which you intend to make secondary. Primary WLC's config will remain intact. However, I would recommend you to take backup of both WLCs in advance so it is easy to restore later.
2. Not more than 15mins to set up HA completely. You can keep 15mins for rollback and 5-10mins for config backup. Overall, 45mins-1hr should be your maintenance window.
-the WLCs are running
do you think it is a stable version or there is a recommended one from cisco
-in most HA examples they use untagged interfaces for management and RMI but in my case I have a lot of VLANs so my management is tagged, is there any special configuration I need for that
1. Try AIR-CT5500-K9-8-0-121-0.aes
Release Notes 184.108.40.206
Release notes 8.0
2. A redundancy VLAN should be a nonroutable VLAN in which a Layer 3 interface should not be created for the VLAN, and the interface should be allowed on the trunk port to extend an HA setup between multiple chassis. Redundancy VLAN should be created like any other data VLAN on Cisco IOS-based switching software.
No, just keep Management and RMI on same subnet. In case of RP, it will auto-assign IP using last two octets of RMI and first two octets are always 169.254.
I tried the HA but unfortunately both WLCs restarted in maintenance mode so restarted primary one (in my site) and it worked fine like before but because of the other one in a remote site I can't restart it. So is there any workaround to telnet it as I can't even ping the management or RMI interfaces.
This exercise should happen in the future when the connectivity of RP is lost due to connectivity between both sites so I have to get access all the time to WLC even in maintenance mode by any possible way without the need of console or restart it physically
Your support is highly appreciated
Yeah, If the controllers cannot reach each other through the redundant port and the RMI, the primary controller becomes active and the standby-hot controller goes into the maintenance mode.
The WLC should be rebooted in order to bring it out of Maintenance Mode. Only the Console and Service Port is active in Maintenance Mode.
Since in your case, both went into maintenance, please ensure:-
1. same hardware and software version in place
2. proper gateway reachability from both wlcs independently
3. RMI and the redundancy port should be in two separate Layer2 VLANs, which is a mandatory configuration.
4. NOT SUPPORTED SCENARIO :
The primary controller has the management address and the redundancy management address in the same VLAN, and the secondary controller has the management address in the same VLAN as the primary one, and the redundancy management address in a different VLAN.
When HA is enabled, the standby controller always uses RMI and all the other interfaces, dynamic and management, are invalid. A ping must only accept RMI as source and not other interfaces.
Also note, It is not possible to access the standby-hot controller through the controller GUI, Cisco Prime Infrastructure, or Telnet. You can access the standby-hot controller only on its console.
-If I configure the service port with Ip in different vlan than management and RP can I get access to the WLC during the maintenance mode
-the RMI is not pingable from the gateway is this normal?
1. Yes, SP can be in different VLAN than management and it should be configured that way irrespective of HA or standalone
2. ICMP packets are generated from the Redundancy Management Interface to check the default gateway reachability of controllers in the Active and Standby states. Gw reachability is one of the deciding factors in role change under HA environment. Hence, RMI IP address should be pingable from GW i.e RMI does respond to ICMP when ping is sourced from Gw
Also note that the RMI is also used to send notifications from the active controller to the standby controller if a failure or manual reset occurs. The standby controller uses the Redundancy Management Interface to communicate to the syslog, NTP server, and TFTP server to upload any configuration.
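Added example, not part of any post in this thread and not Cisco tooling: a pre-check that encodes the HA pairing constraints discussed above (RP address derived from the RMI, management and RMI in one subnet and VLAN, RP in a separate VLAN, matching hardware/software, link limits). The Wlc record, the function names, the /24 prefix, the VLAN labels "X"/"Y" and the "sw-A" version string are assumptions made for illustration; the IP addresses are the ones posted earlier.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Wlc:  # hypothetical record, filled in by hand from each controller
    mgmt_ip: str
    rmi_ip: str
    mgmt_vlan: str
    rmi_vlan: str
    rp_vlan: str
    software: str
    hardware: str

def derive_rp_ip(rmi_ip):
    """RP address = 169.254 followed by the last two octets of the RMI."""
    o = ipaddress.IPv4Address(rmi_ip).packed
    return f"169.254.{o[2]}.{o[3]}"

def check_pair(pri, sec, prefix_len, keepalive_ms, rtt_ms, mbps, mtu):
    """Return a list of problems; an empty list means the pair passes."""
    problems = []
    net = ipaddress.ip_network(f"{pri.mgmt_ip}/{prefix_len}", strict=False)
    for name, w in (("primary", pri), ("secondary", sec)):
        for label, ip in (("management", w.mgmt_ip), ("RMI", w.rmi_ip)):
            if ipaddress.ip_address(ip) not in net:
                problems.append(f"{name}: {label} {ip} is outside {net}")
        if w.rmi_vlan != w.mgmt_vlan:   # the unsupported scenario
            problems.append(f"{name}: RMI and management in different VLANs")
        if w.rp_vlan == w.rmi_vlan:     # RMI and RP must be separate L2 VLANs
            problems.append(f"{name}: RMI and RP share VLAN {w.rp_vlan}")
    if (pri.hardware, pri.software) != (sec.hardware, sec.software):
        problems.append("hardware/software differs between the peers")
    if not 100 <= keepalive_ms <= 400:
        problems.append("keepalive timer outside 100-400 ms")
    elif rtt_ms * 10 > keepalive_ms * 8:  # 80% rule, read as an upper bound
        problems.append(f"RTT {rtt_ms} ms exceeds 80% of keepalive")
    if mbps < 60:
        problems.append("redundancy link below 60 Mbps")
    if mtu < 1500:                        # MTU 1500, read as a minimum
        problems.append("redundancy link MTU below 1500")
    return problems

# Addresses from the thread; VLAN labels and version string are constructed.
PRI = Wlc("10.222.11.50", "10.222.11.52", "X", "X", "Y", "sw-A", "5508")
SEC = Wlc("10.222.11.51", "10.222.11.53", "X", "X", "Y", "sw-A", "5508")

if __name__ == "__main__":
    print(derive_rp_ip(PRI.rmi_ip), check_pair(PRI, SEC, 24, 100, 80, 60, 1500))
```
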