WLC High Availability (AP SSO) Guidelines
This document is to provide education on issues we have seen with this feature for the various WLC code versions.
Overall Recommendations
- If you are running any code version prior to 7.4.100.60 you need to upgrade the controller to avoid any of these issues.
- For HA deployments, it is recommended that even if you are running 7.4.100.60 that you upgrade to the latest MR which is 7.4.110.0.
Current 7.3 bugs
CSCuc34199 - Silent crash on WLC running 7.3.101.0
No workaround. The system does stay up, but switches back and forth between primary and secondary quite frequently.
CSCuc74677 - High Availability controller rebooting and losing its ap count license. You have to re-install the ap-count license on the active controller in order to recover from this bug.
CSCub95009 - Pmalloc memory corruption seen on the active HA WLC
Current 7.4 bugs
CSCue61613 : Privacy Bit not set in the Beacon after HA failover
This causes dot1x clients to fail association after about an hour after failover.
To be included in next MR. Workaround is to disable and re-enable the wlan after a failover.
CSCue02707 - HA redundancy does not fail-over to standby when powercycled
To be included in next MR.
CSCue02718 - HA redundancy does not fail-over to standby when removing ETH cable
This bug has other symptoms like: Reload request Category: Default Gateway is not reachable.
To be included in next MR.
CSCud78928- HA secondary controller goes in a rebooting loop
To be included in next MR.
CSCue33125 Unable to enable "bootp-broadcast" with HA SSO configured
To be included in next MR.
CSCue17421 - RRM AP Neighbor list is not synced to HA Standby after switchover
CSCue90110 - Clients not removed from AP after HA failover
Use different SSID for local mode APs if you have local & flex APs.
Reboot APs after failover
CSCud98562 - HA redundancy configuration is not shown in run-config commands
CSCue38133 - Need to reset 90 day license timer on secondary controller
CSCue79462 - mobility to other WLCs (on 7.0/7.2) goes down after a failover to standby controller.
This is an incompatibility between 7.3/7.4 and 7.0/7.2. Please keep in mind that this issue happens if the WLCs are on the same VLAN.
A good workaround is to put the 7.3/7.4 HA pair on a different subnet to 7.0/7.2 controllers.
CSCuj17884 - Memory leak on HA AP SSO 7.4.110.0
This is resolved in the MR2 beta image that can be obtained via Tac or this support document 7.4MR2 Pre-release Image Download Available
Webauth Certificates
The webauth certificate has to be installed on BOTH controllers prior to setting up HA. If the controllers are already setup in HA and you install the certificate, it will only be installed on the primary wlc. It does not get copied to the secondary unit like the configuration. If the primary fails over to the secondary for some reason, webauth clients will get the certificate warning error until the primary becomes active again. This is noted in the configuration guide for 7.3 and 7.4, but worth mentioning here. If this is not done prior to enabling HA, then it will have to be disabled in order to install the certificate on the secondary controller.