Showing results for 
Search instead for 
Did you mean: 

WLC in HA mode IP address and VLAN change procedure

I changed the address on a pair of 5508's in HA mode this weekend.  I was unable to find a detailed procedure to do this so I thought I would post it here.  These are running


First, I changed the primary controller for all of the access points to my new address using Prime.  If you do not have Prime you would need to issue this command for each AP:


config ap primary-base <wlc name> <wlc address>


Or from the GUI, select an AP, click on the High Availability tab and enter the WLC name and new address as the primary address.  You could also use your current address as primary and the new address as secondary.


I also enabled ssh for the AP's globally so I could connect to them remotely if I had problems getting them to join on the new address.  Luckily I didn't.


  1. PRIMARY: Disable WLANS
   config wlan disable all


  1. PRIMARY: Disable HA mode (controllers will reboot)
   config redundancy mode disable


  1. STANDBY: Change the management IP address:
   config interface address management


  1. STANDBY: Change the VLAN assignment on the management interface
   config interface vlan management 23


  1. STANDBY: Change the redundancy management address:
   config interface address redundancy-management peer-redundancy-management


  1. STANDBY: Enable all ports
   config port adminmode all enable


  1. PRIMARY: Change the management IP address
   config interface address management


  1. PRIMARY: Change the VLAN assignment on the management interface
   config interface vlan management 23


  1. PRIMARY: Change the redundancy management address
   config interface address redundancy-management peer-redundancy-management


  1. PRIMARY & STANDBY: Enable HA mode. Controllers will reboot. Issue on primary first, then standby. No need to wait for primary to complete bootup before issuing on standby
   config redundancy mode sso


  1. PRIMARY: Enable WLANS
   config wlan enable all


(WLC1) >show interface summary

Number of Interfaces.......................... 5

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       LAG  23       Static  Yes    No  
redundancy-management            LAG  23       Static  No     No  
redundancy-port                  -    untagged    Static  No     No  
service-port                     N/A  N/A         Static  No     No  
virtual                          N/A  N/A         Static  No     No 

(WLC1) >show redundancy summary
            Redundancy Mode = SSO ENABLED
                Local State = ACTIVE
                 Peer State = STANDBY HOT
                       Unit = Primary
                    Unit ID = 4C:00:82:71:E6:40
           Redundancy State = SSO
               Mobility MAC = 4C:00:82:71:E6:40
            BulkSync Status = Complete
Average Redundancy Peer Reachability Latency = 428 Micro Seconds
Average Management Gateway Reachability Latency = 2099 Micro Seconds


Don't forget to change the network device address for the WLC in ISE.  After I did this it still would not authenticate wireless users.  I was getting this error for everything in the live log:



Endpoint started new session while the packet of previous session is being processed. Dropping new session.


I had seen a similar problem in the past though I can't remember what caused it.  I restarted ISE and authentications started working again.   I think there may be a command to clear the cache so that a restart isn't necessary but I am not sure what that is.


So just thought this might help someone.  I invite and welcome any improvements to this procedure.



VIP Mentor

Re: WLC in HA mode IP address and VLAN change procedure

Thank you Jeff posting this procedure, I am sure it will help many others.



CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey