How To Upgrade WLC In HA Setup

baramamu · ‎11-20-2012

Introduction
Restrictions For Upgrade
Guidelines For Upgrade
Upgrade Procedure
More Information
High Availability in Release 7.3 and 7.4
High Availability in Release 7.5
Related Information

Introduction

This document discuss about how to upgrade the WLC configured in High Availability (HA) setup. The new High availability feature that is( Access Point Stateful Switchover (AP SSO)) introduced in the 7.3 allows you to configure the WLC in Hot standby mode . In Hot standby mode, the Access points do not go in to Discovery state in case the Active WLC fails and the Standby WLC takes over the place of Active WLC.This feature greatly helps in reducing the downtime on wireless networks.

Before Release 7.3 in a Cisco Unified Wireless Network deployment, an access point could be configured with primary, secondary, and sometimes even tertiary controllers. When the primary controller failed, depending upon the number of access points managed by a controller, the access point may be down for tens to hundreds of seconds before failing over to the secondary controller. Once it detected that the primary controller was unavailable, the access point would have to rediscover the controller and reestablish the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel to the secondary controller. In addition, the client would need to reauthenticate with the access point and reestablish any session-sensitive applications such as Telnet or Citrix.

With Release 7.3, a controller can be configured as a hot standby controller to another controller designated as the active controller. The redundancy ports of these two controllers are connected with an Ethernet cable. This connection is used to exchange configurations and keep the databases in sync. The standby controller maintains the CAPWAP states of the access points connected to the active controller. This is why a subsecond failover can be achieved from the active controller to the standby.

The standby controller also syncs the pairwise master key (PMK) key cache from the active controller. In this way, when the client reassociates with the access point, there is no need for the controller to reauthenticate with the RADIUS server -Figure.

Restrictions For Upgrade

Upon configuring the WLC's in HA setup, the Standby WLC's cannot be upgraded directly from the TFTP/FTP servers.
Direct upload and download configuration is not possible in Standby WLC.
All download file types (such as image, configuration etc..) are downloaded in the Active WLC first and then pushed automatically to Standby WLC
Since Service Upgrade is not supported in this release, plan for a network downtime before you go for upgrade for the WLC's in HA setup.

Guidelines For Upgrade

Before you initiate the upgrade in HA setup, ensure that the peer should be configured in Hot Standby state.
To avoid any software version mismatch in WLC's it is always recommended to reboot both the WLC's almost together after the upgrade.
The download of certificates should be done separately on each box and should be done before pairing.

Upgrade Procedure

Use CLI/GUI to initiate the upgrade on the Active WLC in the HA setup and wait for the upgrade to finish.
The Active WLC executes all the upgrade scripts and transfers the entire image to the Standby WLC using the Redundant Port
Upon receiving the entire image from the Active WLC, the Standby WLC starts executing the upgrade scripts.

Note: The transfer of image to the Standby WLC and upgrades happening in the Standby WLC can be seen on the Active WLC via

Console/Telnet/SSH/Http connection.

4. Once the Standby WLC completes the upgrade successfully, you can see a Successful message (which is observed on the Active WLC), issue the show boot command on the Active WLC to make sure that the new image is set as the primary image.

5. To transfer the new image to all the AP's in the network, initiate Primary image pre-download from the Active WLC.

6.In order to verify that the primary image on WLC is set as the backup image on AP's use the command show ap image all

7. The WLC's and AP's primary image is set to the new image by Initiating swap option. This option interchange the backup image as primary on the AP's.

8. Use the command schedule-reset (as per planned outage) along with the no swap option, to reset the AP's and WLC's so that they can boot with the new image.

9. The Standby WLC will reset just one minute before the scheduled resettime to boot and come up first to take over the network with the new image.

10. All the AP's will reboot and join the new Active WLC and the previous Active WLC will change its role to Standby

Note: To verify that both the WLC's and AP's have booted with the new image use the commands show boot,show sysinfo,show ap image all and show redundancy summary

More Information

High Availability in Release 7.3 and 7.4

The new architecture for HA is for box-to-box redundancy. In other words, 1:1 where one WLC will be in an Active state and the second WLC will be in a Hot Standby state continuously monitoring the health of the Active WLC via a Redundant Port. Both the WLCs will share the same set of configurations including the IP address of the Management interface. The WLC in the Standby state does not need to be configured independently as the entire configuration (Bulk Configuration while boot up and Incremental Configuration in runtime) will be synched from the Active WLC to the Standby WLC via a Redundant Port. The AP's CAPWAP State (only APs which are in a run state) is also synched, and a mirror copy of the AP database is maintained on the Standby WLC. The APs do not go into the Discovery state when the Active WLC fails and the Standby WLC takes over the network's Active WLC.

There is no preempt functionality. When the previous Active WLC comes back, it will not take the role of the Active WLC, but will negotiate its state with the current Active WLC and transition to a Standby state. The Active and Standby decision is not an automated election process. The Active/Standby WLC is decided based on HA SKU (Manufacturing Ordered UDI) from release 7.3 onwards. A WLC with HA SKU UDI will always be the Standby WLC for the first time when it boots and pairs up with a WLC running a permanent count license. For existing WLCs having a permanent count license, the Active/Standby decision can be made based on manual configuration.

AP SSO is supported on 5500/7500/8500 and WiSM-2 WLCs. Release 7.3 only supports AP SSO that will ensure that the AP sessions are intact after switchover. MAPs, which are treated as mesh clients on RAP, are not de-authenticated with AP SSO.

Client SSO is supported on 5500/7500/8500 and WiSM2 WLCs from release 7.5 onwards.

High Availability in Release 7.5

To support High Availability without impacting service, there needs to be support for seamless transition of clients and APs from the active controller to the standby controller. Release 7.5 supports Client Stateful Switch Over (Client SSO) in Wireless LAN controllers. Client SSO will be supported for clients which have already completed the authentication and DHCP phase and have started passing traffic. With Client SSO, a client's information is synced to the Standby WLC when the client associates to the WLC or the client’s parameters change. Fully authenticated clients, i.e. the ones in Run state, are synced to the Standby and thus, client re-association is avoided on switchover making the failover seamless for the APs as well as for the clients, resulting in zero client service downtime and no SSID outage.