Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3397
Views
25
Helpful
4
Replies

WLC in HA mode IP address and VLAN change procedure

jedavis
Level 4
Level 4

‎07-29-2019 06:51 AM - edited ‎07-05-2021 10:46 AM

I changed the address on a pair of 5508's in HA mode this weekend.  I was unable to find a detailed procedure to do this so I thought I would post it here.  These are running 8.2.166.0.

 

First, I changed the primary controller for all of the access points to my new address using Prime.  If you do not have Prime you would need to issue this command for each AP:

 

config ap primary-base <wlc name> <wlc address>

 

Or from the GUI, select an AP, click on the High Availability tab and enter the WLC name and new address as the primary address.  You could also use your current address as primary and the new address as secondary.

 

I also enabled ssh for the AP's globally so I could connect to them remotely if I had problems getting them to join on the new address.  Luckily I didn't.

Procedure

  1. PRIMARY: Disable WLANS
   config wlan disable all

 

  1. PRIMARY: Disable HA mode (controllers will reboot)
   config redundancy mode disable

 

  1. STANDBY: Change the management IP address:
   config interface address management 10.0.0.19 255.255.255.240 10.0.0.17

 

  1. STANDBY: Change the VLAN assignment on the management interface
   config interface vlan management 23

 

  1. STANDBY: Change the redundancy management address:
   config interface address redundancy-management 10.0.0.21 peer-redundancy-management 10.0.0.20

 

  1. STANDBY: Enable all ports
   config port adminmode all enable

 

  1. PRIMARY: Change the management IP address
   config interface address management 10.0.0.18 255.255.255.240 10.0.0.17

 

  1. PRIMARY: Change the VLAN assignment on the management interface
   config interface vlan management 23

 

  1. PRIMARY: Change the redundancy management address
   config interface address redundancy-management 10.0.0.20 peer-redundancy-management 10.0.0.21

 

  1. PRIMARY & STANDBY: Enable HA mode. Controllers will reboot. Issue on primary first, then standby. No need to wait for primary to complete bootup before issuing on standby
   config redundancy mode sso

 

  1. PRIMARY: Enable WLANS
   config wlan enable all

Verify


(WLC1) >show interface summary

Number of Interfaces.......................... 5

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       LAG  23       10.0.0.18       Static  Yes    No  
redundancy-management            LAG  23       10.0.0.20       Static  No     No  
redundancy-port                  -    untagged 169.254.0.20    Static  No     No  
service-port                     N/A  N/A      0.0.0.0         Static  No     No  
virtual                          N/A  N/A      1.1.1.1         Static  No     No 

(WLC1) >show redundancy summary
            Redundancy Mode = SSO ENABLED
                Local State = ACTIVE
                 Peer State = STANDBY HOT
                       Unit = Primary
                    Unit ID = 4C:00:82:71:E6:40
           Redundancy State = SSO
               Mobility MAC = 4C:00:82:71:E6:40
            BulkSync Status = Complete
Average Redundancy Peer Reachability Latency = 428 Micro Seconds
Average Management Gateway Reachability Latency = 2099 Micro Seconds

 

Don't forget to change the network device address for the WLC in ISE.  After I did this it still would not authenticate wireless users.  I was getting this error for everything in the live log:

 

5441

Endpoint started new session while the packet of previous session is being processed. Dropping new session.

 

I had seen a similar problem in the past though I can't remember what caused it.  I restarted ISE and authentications started working again.   I think there may be a command to clear the cache so that a restart isn't necessary but I am not sure what that is.

 

So just thought this might help someone.  I invite and welcome any improvements to this procedure.

 

-Jeff

Labels:
4 Replies 4

Rasika Nayanajith
VIP
VIP

‎07-29-2019 01:21 PM

Thank you Jeff posting this procedure, I am sure it will help many others.

 

Rasika

klohse
Level 1
Level 1

‎09-22-2020 07:13 AM

Hello, thanks for the info, i have the same task, WLCs in HA shall get a new IP.

I was wondering that you have to break the HA, can't we just enter the 3 new IPs and apply the new setup?

 

erase startup reload
Level 1
Level 1
In response to klohse

‎10-14-2020 06:11 PM

I'm wondering the same thing here. I don't need to update management IPs, I just need to update the gateway IP, still in the same subnet. Still, thank you for posting this and informing us that when you break the HA, the WLC will reboot. That would be scary if not expecting it.

0 Helpful

erase startup reload
Level 1
Level 1

‎10-14-2020 06:40 PM

Your management IPs are different, is that supposed to be like that? I thought with HA the management IPs should be the same. If I'm incorrect, what happens in a failover event when the management IP is different and the APs cannot build the CAPWAP tunnel?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card