Solved: N+1 5508 WLC failover test - Page 3

edwardzeng · ‎08-01-2013

Good day all,

I have a question about the N+1 5508 failover test:

Should I shutdown one of the primary WLC to test failover?

I just setup the N+1 bakcup WLC (5508). B

Based on: http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide.pdf

We have two production WLCs both 5508 and one 4405.

We just purchased another HA-SKU WLC 5508.

All our four WLCs had been setup into one mobility group in version 7.4.100.6.

.

Their neighbors are all up.

But our test AP could not register to the Backup N+1 WLC. ( We are using option 43 in our DHCP server for all the AP boot.)

Here are the log screen:

================ From test Access Point============

*Mar 1 00:00:53.099: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source

*Mar 1 00:00:53.842: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.255.1.3, mask 255.255.255.0, hostname wo11-test-ap1

*Mar 1 00:00:54.188: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up

*Mar 1 00:00:55.188: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Mar 1 00:00:55.279: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up

*Mar 1 00:00:56.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up

*Mar 1 00:01:03.820: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.254.240.5 obtained through DHCP

*Mar 1 00:01:03.820: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.

*Mar 1 00:01:13.823: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Aug 2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.5 peer_port: 5246

*Aug 2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!

*Aug 2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.254.240.5:5246

*Aug 2 02:31:55.001: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Aug 2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.23 peer_port: 5246

*Aug 2 02:30:55.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.254.240.23 peer_port: 5246

*Aug 2 02:30:55.493: %CAPWAP-5-SENDJOIN: sending Join Request to 10.254.240.23

*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.

*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.

*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.254.240.23

*Aug 2 02:30:55.874: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down

*Aug 2 02:30:55.931: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Aug 2 02:30:55.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WG-WLC1

*Aug 2 02:30:56.041: ac_first_hop_mac - IP:10.255.1.1 Hop IP:10.255.1.1 IDB:BVI1

*Aug 2 02:30:56.041: Setting AC first hop MAC: ccef.481f.14bf

-test-ap1#sh int bvI 1

BVI1 is up, line protocol is up

Hardware is BVI, address is e8b7.489e.4645 (bia e8b7.489e.4645)

Internet address is 10.255.1.3/24

===================From backup N+1 WLC===

*spamApTask4: Aug 02 11:41:09.842: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).

*spamApTask4: Aug 02 11:41:01.889: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).

*spamApTask4: Aug 02 11:40:57.912: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).

*spamApTask4: Aug 02 11:40:55.924: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).

*spamApTask4: Aug 02 11:18:50.553: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).

*spamApTask4: Aug 02 11:18:42.600: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).

*spamApTask4: Aug 02 11:18:38.623: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).

*spamApTask4: Aug 02 11:18:36.636: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).

.

*mmListen: Aug 02 10:43:38.637: #LOG-3-Q_IND: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded

*spamApTask0: Aug 02 10:43:38.500: #LWAPP-3-DISC_MAX_DOWNLOAD: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded

==================== From one of our Primary WLC=====================

(WLC-5500) >show advanced backup-controller

AP primary Backup Controller .................... ODC-WLC1 10.254.240.5

AP secondary Backup Controller .................. 0.0.0.0

(WLC-5500) >show redundancy summary

Redundancy Mode = SSO DISABLED

Local State = ACTIVE

Peer State = N/A

Unit = Primary

Unit ID = 54:75:D0:DE:DE:40

Redundancy State = N/A

Mobility MAC = 54:75:D0:DE:DE:40

Redundancy Management IP Address................. 0.0.0.0

Peer Redundancy Management IP Address............ 0.0.0.0

Redundancy Port IP Address....................... 0.0.0.0

Peer Redundancy Port IP Address.................. 169.254.0.0

(WLC-5500) >show license capacity

Licensed Feature Max Count Current Count Remaining Count

-----------------------------------------------------------------------

AP Count 250 203 47

==============From the Backup N+1 WLC in DR =====================

(Cisco Controller) >show redundancy summary

Redundancy Mode = SSO DISABLED

Local State = ACTIVE

Peer State = N/A

Unit = Secondary - HA SKU

Unit ID = 6C:41:6A:5F:4C:80

Redundancy State = N/A

Mobility MAC = 6C:41:6A:5F:4C:80

Redundancy Management IP Address................. 10.254.240.3

Peer Redundancy Management IP Address............ 0.0.0.0

Redundancy Port IP Address....................... 169.254.240.3

Peer Redundancy Port IP Address.................. 169.254.0.0

(Cisco Controller) >show license capacity

Licensed Feature Max Count Current Count Remaining Count

-----------------------------------------------------------------------

AP Count 500 0 500

Scott Fella · ‎01-15-2014

Here is how to activate a license just in case

http://www.cisco.com/en/US/docs/wireless/controller/7.3/configuration/guide/b_wlc-cg_chapter_0100.html#topic_26365E404744412292539CE423D5F63D

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

ajc · ‎01-15-2014

Hi Scott,

From the link you sent me recently:

"For high-availability (HA) controllers when you enable HA, the controllers synchronize with the enabled license count of the primary controller and support high availability for up to the license count enabled on the primary controller."

Using GUI, if I try to manipulate/change the license condition of the HA SKU WLC, I get the following:

From Software Activation --- > Licenses --- > Base AP Count: Licenses cannot be modified on secondary HA SKU Controller.

I will give a try using CLI as indicated in the link and let you know.

thanks a lot for your time and attention.

AC

Scott Fella · ‎01-15-2014

There is a difference between AP SSO and N+1. The N+1 setup you do need to make sure you activate the license which is really accepting the RTU.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

ajc · ‎01-15-2014

Hi Scott,

Effectively the Evaluation License was ACTIVE but EULA "not accepted". Therefore, based on the link you sent me, I proceeded to increase the priority in the BASE-AP-COUNT (evaluation license), then the EULA Window came up so I accepted it. After doing this, I rebooted the HA SKU WLC. Let's see if now it works. I will let you know. Next the screenshots about this process.

Important to mention that HA SKU WLC Global Configuration MUST be changed to PRIMARY so we can activate the EVALUATION LICENSE (EULA Accept)

edwardzeng · ‎01-15-2014

Hi Abraham,

It is good to know that your WLC is working.

I just put the base-AP-count back to LOW priority in 7.4 after working.

That may give you extra days for EULA when things happen. (Please correct me if I am wrong.)

But maybe it is better to test it again after you change it back to Low priority.

Here are my SKA-WLC screens.

(Cisco Controller) >show license summary

License Store: Primary License Storage

StoreIndex: 0 Feature: base Version: 1.0

License Type: Permanent

License State: Active, Not in Use

License Count: Non-Counted

License Priority: Medium

License Store: Evaluation License Storage

StoreIndex: 0 Feature: base-ap-count Version: 1.0

License Type: Evaluation

License State: Active, Not in Use, EULA not accepted

Evaluation total period: 8 weeks 4 days

Evaluation period left: 8 weeks 4 days

License Count: 500 / 0 (Active/In-use)

License Priority: None

Cheers,

Edward

edwardzeng · ‎01-15-2014

Hi Abraham,

In my case I didn't need to accept the EULA.

Maybe I did accept and change it back to low but since we don't have extra base-AP-count licesens I believe change the priority doesn't matter at all..

But I upgrade to 7.4.110 and reboot.

I wonder maybe just need to reboot to make it work!

Cheers,

Edward

Scott Fella · ‎01-15-2014

When changing the license priority, it does require a reboot.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

edwardzeng · ‎01-15-2014

Thank you kindly for your update Scott.

Cheers,

Edward

ajc · ‎01-15-2014

Hi Edward,

In my case, I was using 7.5.102.0 (I need to implement as well Bonjour with mDNS + LSS) instead of 7.4.110.0 and it was mandatory to ACCEPT the EULA. Otherwise it does not work.

I will give a try on version 7.4.110.0 changing the priority on the evaluation license and post the results here. I need to check if URL Redirect on this version works because is failing on version 7.5.102.

edwardzeng · ‎01-15-2014

Hi Abraham,

May I ask you two questions about the LSS?

1. Does it work well for your Apple TV on wired connection?

2. Do you need to trunk the Appl TV wired vlan back to WLC with LSS enable?

Thanks,

Edward

Scott Fella · ‎01-16-2014

LLS is only for wireless not wired.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

edwardzeng · ‎01-23-2014

Hi Scott,

Thank you kindly for your information.

Cheers,

Edward

ajc · ‎01-17-2014

INFORMATION OF INTEREST:

I found the issue on the URL REDIRECT on version 7.5.102.0 for Authentication using External Login Page (in our case the ISE Device is acting like Web Server + AAA Server for Web Authentication).

The post that I opened is the following:

https://supportforums.cisco.com/message/4114736#4114736

ajc · ‎01-17-2014

Hi Edward,

Scott is right, I was talking about LSS because I want to make all the tests indicated in the Guide for Bonjour Protocol for version 7.4 and 7.5. I will open another post with the information that I got and let you know.

thanks

AJ

edwardzeng · ‎01-23-2014

Hi Abraham,

Thanks a lot for your feed back.

Cheers,

Edward