Solved: Upgrading 2.2 to 2.7

craiglebutt · ‎06-14-2021

Hi

Upgrading the deployment, by building new Node and restoring the backup.

My WLAN has all my PSNs in for resilience for Radius,

The first PSN go to update is the first one in radius settings.

Unfortunately devices are trying to auth before completing the upgrade, I can't take the IP out of the WLAN as will drop the WLAN for a split second.

If a device fails to auth against the first node, should it in theory try the 2nd node, or does that only come in to play if the Node is not responding?

I've changed the shared secret on the WLC so doesn't match the PSN, hoping this will force the devices to try another PSN.

Cheers

Marcelo Morais · ‎06-14-2021

Hi @craiglebutt ,

If you are using a Load Balancer, you are able to block the WLC access to the PSN (by blocking the Authentication Port - 1812) until the upgrade process completes.

If you are not using a Load Balancer, you can do the same with an ACL at the PSN's Default GW.

Hope this helps !!!

View solution in original post

Marcelo Morais · ‎06-14-2021

Hi @craiglebutt ,

If you are using a Load Balancer, you are able to block the WLC access to the PSN (by blocking the Authentication Port - 1812) until the upgrade process completes.

If you are not using a Load Balancer, you can do the same with an ACL at the PSN's Default GW.

Hope this helps !!!

jj2048 · ‎06-14-2021

Hi, Craigle.

I think changing the shared secret is a good idea, I encountered a similar case on my migration, where I was wondering why the network device is authenticating on the secondary PSN while we already set the network device to authenticate to the primary PSN.

We later then found out from the logs that there were attempts to authenticate on the primary PSN but the shared secret was incorrect thus authenticating to the secondary PSN.

Hope this helps.