08-01-2013 08:02 PM - edited 07-04-2021 12:34 AM
Good day all,
I have a question about the N+1 5508 failover test:
Should I shutdown one of the primary WLC to test failover?
I just setup the N+1 bakcup WLC (5508). B
We have two production WLCs both 5508 and one 4405.
We just purchased another HA-SKU WLC 5508.
All our four WLCs had been setup into one mobility group in version 7.4.100.6.
.
Their neighbors are all up.
But our test AP could not register to the Backup N+1 WLC. ( We are using option 43 in our DHCP server for all the AP boot.)
Here are the log screen:
================ From test Access Point============
*Mar 1 00:00:53.099: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
*Mar 1 00:00:53.842: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.255.1.3, mask 255.255.255.0, hostname wo11-test-ap1
*Mar 1 00:00:54.188: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:00:55.188: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:00:55.279: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:00:56.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 1 00:01:03.820: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.254.240.5 obtained through DHCP
*Mar 1 00:01:03.820: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:01:13.823: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.5 peer_port: 5246
*Aug 2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
*Aug 2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.254.240.5:5246
*Aug 2 02:31:55.001: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.23 peer_port: 5246
*Aug 2 02:30:55.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.254.240.23 peer_port: 5246
*Aug 2 02:30:55.493: %CAPWAP-5-SENDJOIN: sending Join Request to 10.254.240.23
*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.254.240.23
*Aug 2 02:30:55.874: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Aug 2 02:30:55.931: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Aug 2 02:30:55.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WG-WLC1
*Aug 2 02:30:56.041: ac_first_hop_mac - IP:10.255.1.1 Hop IP:10.255.1.1 IDB:BVI1
*Aug 2 02:30:56.041: Setting AC first hop MAC: ccef.481f.14bf
-test-ap1#sh int bvI 1
BVI1 is up, line protocol is up
Hardware is BVI, address is e8b7.489e.4645 (bia e8b7.489e.4645)
Internet address is 10.255.1.3/24
===================From backup N+1 WLC===
*spamApTask4: Aug 02 11:41:09.842: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).
*spamApTask4: Aug 02 11:41:01.889: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).
*spamApTask4: Aug 02 11:40:57.912: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).
*spamApTask4: Aug 02 11:40:55.924: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).
*spamApTask4: Aug 02 11:18:50.553: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).
*spamApTask4: Aug 02 11:18:42.600: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).
*spamApTask4: Aug 02 11:18:38.623: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).
*spamApTask4: Aug 02 11:18:36.636: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).
.
*mmListen: Aug 02 10:43:38.637: #LOG-3-Q_IND: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
*spamApTask0: Aug 02 10:43:38.500: #LWAPP-3-DISC_MAX_DOWNLOAD: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
==================== From one of our Primary WLC=====================
(WLC-5500) >show advanced backup-controller
AP primary Backup Controller .................... ODC-WLC1 10.254.240.5
AP secondary Backup Controller .................. 0.0.0.0
(WLC-5500) >show redundancy summary
Redundancy Mode = SSO DISABLED
Local State = ACTIVE
Peer State = N/A
Unit = Primary
Unit ID = 54:75:D0:DE:DE:40
Redundancy State = N/A
Mobility MAC = 54:75:D0:DE:DE:40
Redundancy Management IP Address................. 0.0.0.0
Peer Redundancy Management IP Address............ 0.0.0.0
Redundancy Port IP Address....................... 0.0.0.0
Peer Redundancy Port IP Address.................. 169.254.0.0
(WLC-5500) >show license capacity
Licensed Feature Max Count Current Count Remaining Count
-----------------------------------------------------------------------
AP Count 250 203 47
==============From the Backup N+1 WLC in DR =====================
(Cisco Controller) >show redundancy summary
Redundancy Mode = SSO DISABLED
Local State = ACTIVE
Peer State = N/A
Unit = Secondary - HA SKU
Unit ID = 6C:41:6A:5F:4C:80
Redundancy State = N/A
Mobility MAC = 6C:41:6A:5F:4C:80
Redundancy Management IP Address................. 10.254.240.3
Peer Redundancy Management IP Address............ 0.0.0.0
Redundancy Port IP Address....................... 169.254.240.3
Peer Redundancy Port IP Address.................. 169.254.0.0
(Cisco Controller) >show license capacity
Licensed Feature Max Count Current Count Remaining Count
-----------------------------------------------------------------------
AP Count 500 0 500
Solved! Go to Solution.
01-15-2014 07:00 AM
Here is how to activate a license just in case
http://www.cisco.com/en/US/docs/wireless/controller/7.3/configuration/guide/b_wlc-cg_chapter_0100.html#topic_26365E404744412292539CE423D5F63D
Sent from Cisco Technical Support iPhone App
01-15-2014 07:06 AM
Hi Scott,
From the link you sent me recently:
"For high-availability (HA) controllers when you enable HA, the controllers synchronize with the enabled license count of the primary controller and support high availability for up to the license count enabled on the primary controller."
Using GUI, if I try to manipulate/change the license condition of the HA SKU WLC, I get the following:
From Software Activation --- > Licenses --- > Base AP Count: Licenses cannot be modified on secondary HA SKU Controller.
I will give a try using CLI as indicated in the link and let you know.
thanks a lot for your time and attention.
AC
01-15-2014 07:09 AM
There is a difference between AP SSO and N+1. The N+1 setup you do need to make sure you activate the license which is really accepting the RTU.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
01-15-2014 07:34 AM
Hi Scott,
Effectively the Evaluation License was ACTIVE but EULA "not accepted". Therefore, based on the link you sent me, I proceeded to increase the priority in the BASE-AP-COUNT (evaluation license), then the EULA Window came up so I accepted it. After doing this, I rebooted the HA SKU WLC. Let's see if now it works. I will let you know. Next the screenshots about this process.
Important to mention that HA SKU WLC Global Configuration MUST be changed to PRIMARY so we can activate the EVALUATION LICENSE (EULA Accept)
01-15-2014 01:00 PM
Hi Abraham,
It is good to know that your WLC is working.
I just put the base-AP-count back to LOW priority in 7.4 after working.
That may give you extra days for EULA when things happen. (Please correct me if I am wrong.)
But maybe it is better to test it again after you change it back to Low priority.
Here are my SKA-WLC screens.
(Cisco Controller) >show license summary
License Store: Primary License Storage
StoreIndex: 0 Feature: base Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium
License Store: Evaluation License Storage
StoreIndex: 0 Feature: base-ap-count Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Count: 500 / 0 (Active/In-use)
License Priority: None
Cheers,
Edward
01-15-2014 01:18 PM
Hi Abraham,
In my case I didn't need to accept the EULA.
Maybe I did accept and change it back to low but since we don't have extra base-AP-count licesens I believe change the priority doesn't matter at all..
But I upgrade to 7.4.110 and reboot.
I wonder maybe just need to reboot to make it work!
Cheers,
Edward
01-15-2014 02:12 PM
When changing the license priority, it does require a reboot.
Sent from Cisco Technical Support iPhone App
01-15-2014 03:00 PM
Thank you kindly for your update Scott.
Cheers,
Edward
01-15-2014 01:29 PM
Hi Edward,
In my case, I was using 7.5.102.0 (I need to implement as well Bonjour with mDNS + LSS) instead of 7.4.110.0 and it was mandatory to ACCEPT the EULA. Otherwise it does not work.
I will give a try on version 7.4.110.0 changing the priority on the evaluation license and post the results here. I need to check if URL Redirect on this version works because is failing on version 7.5.102.
01-15-2014 03:20 PM
Hi Abraham,
May I ask you two questions about the LSS?
1. Does it work well for your Apple TV on wired connection?
2. Do you need to trunk the Appl TV wired vlan back to WLC with LSS enable?
Thanks,
Edward
01-16-2014 06:09 AM
LLS is only for wireless not wired.
Sent from Cisco Technical Support iPhone App
01-23-2014 02:29 PM
Hi Scott,
Thank you kindly for your information.
Cheers,
Edward
01-17-2014 01:31 PM
INFORMATION OF INTEREST:
I found the issue on the URL REDIRECT on version 7.5.102.0 for Authentication using External Login Page (in our case the ISE Device is acting like Web Server + AAA Server for Web Authentication).
The post that I opened is the following:
01-17-2014 01:33 PM
Hi Edward,
Scott is right, I was talking about LSS because I want to make all the tests indicated in the Guide for Bonjour Protocol for version 7.4 and 7.5. I will open another post with the information that I got and let you know.
thanks
AJ
01-23-2014 02:30 PM
Hi Abraham,
Thanks a lot for your feed back.
Cheers,
Edward
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide