I changed the address on a pair of 5508's in HA mode this weekend.  I was unable to find a detailed procedure to do this so I thought I would post it here.  These are running 8.2.166.0.   First, I changed the primary controller for all of the access points to my new address using Prime.  If you do not have Prime you would need to issue this command for each AP:   config ap primary-base <wlc name> <wlc address>   Or from the GUI, select an AP, click on the High Availability tab and enter the WLC name and new address as the primary address.  You could also use your current address as primary and the new address as secondary.   I also enabled ssh for the AP's globally so I could connect to them remotely if I had problems getting them to join on the new address.  Luckily I didn't. Procedure PRIMARY: Disable WLANS    config wlan disable all   PRIMARY: Disable HA mode (controllers will reboot)    config redundancy mode disable   STANDBY: Change the management IP address:    config interface address management 10.0.0.19 255.255.255.240 10.0.0.17   STANDBY: Change the VLAN assignment on the management interface    config interface vlan management 23   STANDBY: Change the redundancy management address:    config interface address redundancy-management 10.0.0.21 peer-redundancy-management 10.0.0.20   STANDBY: Enable all ports    config port adminmode all enable   PRIMARY: Change the management IP address    config interface address management 10.0.0.18 255.255.255.240 10.0.0.17   PRIMARY: Change the VLAN assignment on the management interface   config interface vlan management 23   PRIMARY: Change the redundancy management address    config interface address redundancy-management 10.0.0.20 peer-redundancy-management 10.0.0.21   PRIMARY & STANDBY: Enable HA mode. Controllers will reboot. Issue on primary first, then standby. No need to wait for primary to complete bootup before issuing on standby    config redundancy mode sso   PRIMARY: Enable WLANS    config wlan enable all Verify (WLC1) >show interface summary Number of Interfaces.......................... 5 Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest -------------------------------- ---- -------- --------------- ------- ------ ----- management                       LAG  23       10.0.0.18       Static  Yes    No   redundancy-management            LAG  23       10.0.0.20       Static  No     No   redundancy-port                  -    untagged 169.254.0.20    Static  No     No   service-port                     N/A  N/A      0.0.0.0         Static  No     No   virtual                          N/A  N/A      1.1.1.1         Static  No     No  (WLC1) >show redundancy summary             Redundancy Mode = SSO ENABLED                 Local State = ACTIVE                  Peer State = STANDBY HOT                        Unit = Primary                     Unit ID = 4C:00:82:71:E6:40            Redundancy State = SSO                Mobility MAC = 4C:00:82:71:E6:40             BulkSync Status = Complete Average Redundancy Peer Reachability Latency = 428 Micro Seconds Average Management Gateway Reachability Latency = 2099 Micro Seconds   Don't forget to change the network device address for the WLC in ISE.  After I did this it still would not authenticate wireless users.  I was getting this error for everything in the live log:   5441 Endpoint started new session while the packet of previous session is being processed. Dropping new session.   I had seen a similar problem in the past though I can't remember what caused it.  I restarted ISE and authentications started working again.   I think there may be a command to clear the cache so that a restart isn't necessary but I am not sure what that is.   So just thought this might help someone.  I invite and welcome any improvements to this procedure.   -Jeff ... View more