08-01-2013 08:02 PM - edited 07-04-2021 12:34 AM
Good day all,
I have a question about the N+1 5508 failover test:
Should I shut down one of the primary WLCs to test failover?
I just set up the N+1 backup WLC (5508). B
We have two production WLCs both 5508 and one 4405.
We just purchased another HA-SKU WLC 5508.
All four of our WLCs had been set up in one mobility group on version 7.4.100.6.
Their neighbors are all up.
But our test AP could not register to the backup N+1 WLC. (We are using option 43 on our DHCP server for all AP boots.)
Here are the log screens:
================ From test Access Point============
*Mar 1 00:00:53.099: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
*Mar 1 00:00:53.842: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.255.1.3, mask 255.255.255.0, hostname wo11-test-ap1
*Mar 1 00:00:54.188: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:00:55.188: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:00:55.279: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:00:56.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 1 00:01:03.820: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.254.240.5 obtained through DHCP
*Mar 1 00:01:03.820: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:01:13.823: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.5 peer_port: 5246
*Aug 2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
*Aug 2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.254.240.5:5246
*Aug 2 02:31:55.001: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.23 peer_port: 5246
*Aug 2 02:30:55.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.254.240.23 peer_port: 5246
*Aug 2 02:30:55.493: %CAPWAP-5-SENDJOIN: sending Join Request to 10.254.240.23
*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.254.240.23
*Aug 2 02:30:55.874: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Aug 2 02:30:55.931: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Aug 2 02:30:55.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WG-WLC1
*Aug 2 02:30:56.041: ac_first_hop_mac - IP:10.255.1.1 Hop IP:10.255.1.1 IDB:BVI1
*Aug 2 02:30:56.041: Setting AC first hop MAC: ccef.481f.14bf
-test-ap1#sh int bvI 1
BVI1 is up, line protocol is up
Hardware is BVI, address is e8b7.489e.4645 (bia e8b7.489e.4645)
Internet address is 10.255.1.3/24
===================From backup N+1 WLC===
*spamApTask4: Aug 02 11:41:09.842: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).
*spamApTask4: Aug 02 11:41:01.889: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).
*spamApTask4: Aug 02 11:40:57.912: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).
*spamApTask4: Aug 02 11:40:55.924: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).
*spamApTask4: Aug 02 11:18:50.553: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).
*spamApTask4: Aug 02 11:18:42.600: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).
*spamApTask4: Aug 02 11:18:38.623: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).
*spamApTask4: Aug 02 11:18:36.636: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).
.
*mmListen: Aug 02 10:43:38.637: #LOG-3-Q_IND: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
*spamApTask0: Aug 02 10:43:38.500: #LWAPP-3-DISC_MAX_DOWNLOAD: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
==================== From one of our Primary WLC=====================
(WLC-5500) >show advanced backup-controller
AP primary Backup Controller .................... ODC-WLC1 10.254.240.5
AP secondary Backup Controller .................. 0.0.0.0
(WLC-5500) >show redundancy summary
Redundancy Mode = SSO DISABLED
Local State = ACTIVE
Peer State = N/A
Unit = Primary
Unit ID = 54:75:D0:DE:DE:40
Redundancy State = N/A
Mobility MAC = 54:75:D0:DE:DE:40
Redundancy Management IP Address................. 0.0.0.0
Peer Redundancy Management IP Address............ 0.0.0.0
Redundancy Port IP Address....................... 0.0.0.0
Peer Redundancy Port IP Address.................. 169.254.0.0
(WLC-5500) >show license capacity
Licensed Feature Max Count Current Count Remaining Count
-----------------------------------------------------------------------
AP Count 250 203 47
==============From the Backup N+1 WLC in DR =====================
(Cisco Controller) >show redundancy summary
Redundancy Mode = SSO DISABLED
Local State = ACTIVE
Peer State = N/A
Unit = Secondary - HA SKU
Unit ID = 6C:41:6A:5F:4C:80
Redundancy State = N/A
Mobility MAC = 6C:41:6A:5F:4C:80
Redundancy Management IP Address................. 10.254.240.3
Peer Redundancy Management IP Address............ 0.0.0.0
Redundancy Port IP Address....................... 169.254.240.3
Peer Redundancy Port IP Address.................. 169.254.0.0
(Cisco Controller) >show license capacity
Licensed Feature Max Count Current Count Remaining Count
-----------------------------------------------------------------------
AP Count 500 0 500
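A small triage script for the AP console output in the post above, added here as an illustration and not part of the original thread: it groups the CAPWAP/DTLS messages by controller IP so that the handshake that timed out (10.254.240.5) is separated from the one that completed (10.254.240.23). It reads the lines in the order posted rather than by timestamp, and it assumes that the two messages carrying no peer IP belong to the controller of the most recent DTLS request.

```python
import re

# AP console lines copied from the first post, in the order posted.
AP_LOG = """\
*Mar 1 00:01:03.820: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.254.240.5 obtained through DHCP
*Aug 2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.5 peer_port: 5246
*Aug 2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
*Aug 2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.254.240.5:5246
*Aug 2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.23 peer_port: 5246
*Aug 2 02:30:55.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.254.240.23 peer_port: 5246
*Aug 2 02:30:55.493: %CAPWAP-5-SENDJOIN: sending Join Request to 10.254.240.23
*Aug 2 02:30:55.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WG-WLC1
"""
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [
    ("option43", re.compile(r"%CAPWAP-5-DHCP_OPTION_43: Controller address " + IP)),
    ("dtls_sent", re.compile(r"%CAPWAP-5-DTLSREQSEND: .*peer_ip: " + IP)),
    ("dtls_ok", re.compile(r"%CAPWAP-5-DTLSREQSUCC: .*peer_ip: " + IP)),
    ("join_sent", re.compile(r"%CAPWAP-5-SENDJOIN: sending Join Request to " + IP)),
]
# Assumption: these two messages carry no peer IP, so they are attributed
# to the controller of the most recent DTLS request.
TIMEOUT = re.compile(r"DTLS_CLIENT_ERROR: .*Max retransmission count reached")
JOINED = re.compile(r"%CAPWAP-5-JOINEDCONTROLLER: AP has joined controller (\S+)")

def triage(log_text):
    """Return {controller_ip: {"events": [...], "joined_as": name-or-None}}."""
    peers, current = {}, None
    for line in log_text.splitlines():
        for event, rx in PATTERNS:
            m = rx.search(line)
            if m:
                rec = peers.setdefault(m.group(1), {"events": [], "joined_as": None})
                rec["events"].append(event)
                if event == "dtls_sent":
                    current = m.group(1)
                break
        else:  # no IP-bearing message matched this line
            if current and TIMEOUT.search(line):
                peers[current]["events"].append("dtls_timeout")
            elif current and (m := JOINED.search(line)):
                peers[current]["joined_as"] = m.group(1)
    return peers

def verdict(rec):
    if rec["joined_as"]:
        return "joined"
    if "dtls_timeout" in rec["events"]:
        return "dtls_timeout"
    return "dtls_ok_no_join" if "dtls_ok" in rec["events"] else "no_dtls_attempt"
```
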
01-24-2014 06:58 AM
Hi Wesley, next the screenshots:
Regarding the Evaluation License, you need to accept it so that HA N+1 will work (see the other screenshots in this post). However, this is what I got on the HA SKU WLC, which keeps counting down even though the AP is no longer connected to that controller. I opened a TAC case because we expected that the Evaluation License on the HA SKU would reset its counter and go back to the default 8-week validity period. Apparently this issue is solved in version 7.6. In addition, you CANNOT install the minimum 50 AP count permanent license on versions 7.4 and 7.5 as mentioned in the Cisco guide for HA N+1, so you do not have to worry about the Evaluation License topic mentioned before. This subject is also solved in version 7.6.
TEST RESULTS SCREENSHOTS
CONFIGURATION IN THE PRIMARY WLC and HA SKU WLC is the same as indicated in the guide, I mean:
01-14-2014 10:35 AM
I just set this up recently, and it depends on whether you're setting up AP SSO or N+1. For N+1, you can follow this guide. The configuration you mention about the peer address is for AP SSO.
Sent from Cisco Technical Support iPhone App
01-14-2014 11:38 AM
I am configuring:
N+1 High Availability Deployment Guide
April 04, 2013
The only thing I did, was the following. I am using version 7.5. I am getting:
*Aug 2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
01-14-2014 11:50 AM
That is all you need to do... the error you have has nothing to do with N+1.... did you activate the license?
http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/Licensing.html
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
01-14-2014 01:21 PM
Based on the documentation, I do not need a license on the HA WLC; the Primary WLC replicates its license information to the HA WLC. But if I am wrong, please let me know.
thanks
01-14-2014 01:23 PM
You don't, but make sure it's showing active... 500 AP count.
Sent from Cisco Technical Support iPhone App
01-14-2014 01:41 PM
Base-ap-count on the HA SKU WLC has the following information per column:
Type = evaluation
Count = 500
Priority = none
Status = EULA Not accepted.
I am using version 7.5 on the WLC's (PRIMARY + HA SKU). Is that the reason of the problem?
thanks
01-14-2014 01:44 PM
Status = EULA Not accepted.
No, but this could be the reason why.
01-14-2014 01:52 PM
From Software Activation --- > Licenses --- > Base AP Count , I am getting: Licenses cannot be modified on secondary HA SKU Controller.
01-14-2014 01:59 PM
I was wondering if there is any particular configuration required in the HA SKU WLC.
01-14-2014 02:12 PM
You should be able to change the priority and hit apply. You then need to reboot the WLC.
Sent from Cisco Technical Support iPhone App
01-14-2014 02:14 PM
This is the guide to configure N+1 and you just have to work on getting the license active.
http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide.pdf
Sent from Cisco Technical Support iPhone App
01-15-2014 06:55 AM
Hi Scott,
As I mentioned before, and as you can see in the screenshots, I applied the 2 basic steps indicated in the guide on the Primary WLC and HA SKU WLC using the GUI, and also configured both WLCs in the High Availability option of the AP (first entry Primary WLC and 2nd entry HA SKU WLC). But it is still not working. I am assuming that the version I am using is the root cause of this issue (7.5.102). I wanted to use this version because we also want to implement Bonjour using mDNS Gateway and LSS.
thanks
01-17-2014 01:31 PM
INFORMATION OF INTEREST:
I found the issue on the URL REDIRECT on version 7.5.102.0 for Authentication using External Login Page (in our case the ISE Device is acting like Web Server + AAA Server for Web Authentication).
The post that I opened is the following:
01-15-2014 06:50 AM
Hi Edward,
In the screenshots that I posted below, you will see that I followed the 2 basic instructions provided in the guide using the GUI on the Primary WLC and HA SKU WLC. In addition to that, I have exactly the same condition you mentioned for the WLC licensing for the HA SKU device we purchased directly from Cisco. It is weird, but in my case it is not working, and the only difference that I can see is the version I am using (7.5.102). I decided to use this version because we also want to implement Bonjour using mDNS Gateway in the WLC as well.
thanks