ā06-14-2021 04:01 AM
Hi
Upgrading the deployment, by building new Node and restoring the backup.
My WLAN has all my PSNs in for resilience for Radius,
The first PSN go to update is the first one in radius settings.
Unfortunately devices are trying to auth before completing the upgrade, I can't take the IP out of the WLAN as will drop the WLAN for a split second.
If a device fails to auth against the first node, should it in theory try the 2nd node, or does that only come in to play if the Node is not responding?
I've changed the shared secret on the WLC so doesn't match the PSN, hoping this will force the devices to try another PSN.
Cheers
Solved! Go to Solution.
ā06-14-2021 05:57 AM
Hi @craiglebutt ,
If you are using a Load Balancer, you are able to block the WLC access to the PSN (by blocking the Authentication Port - 1812) until the upgrade process completes.
If you are not using a Load Balancer, you can do the same with an ACL at the PSN's Default GW.
Hope this helps !!!
ā06-14-2021 05:57 AM
Hi @craiglebutt ,
If you are using a Load Balancer, you are able to block the WLC access to the PSN (by blocking the Authentication Port - 1812) until the upgrade process completes.
If you are not using a Load Balancer, you can do the same with an ACL at the PSN's Default GW.
Hope this helps !!!
ā06-14-2021 06:12 AM - edited ā06-14-2021 06:18 AM
Hi, Craigle.
I think changing the shared secret is a good idea, I encountered a similar case on my migration, where I was wondering why the network device is authenticating on the secondary PSN while we already set the network device to authenticate to the primary PSN.
We later then found out from the logs that there were attempts to authenticate on the primary PSN but the shared secret was incorrect thus authenticating to the secondary PSN.
Hope this helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide