Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
7181
Views
5
Helpful
1
Comments

WLC High Availability (AP SSO) Guidelines

pcroak
Cisco Employee
Cisco Employee

‎04-19-2013 01:00 PM - edited ‎11-18-2020 03:02 AM

WLC High Availability (AP SSO) Guidelines

 

This document is to provide education on issues we have seen with this feature for the various WLC code versions.

 

Overall Recommendations

 

  • If you are running any code version prior to 7.4.100.60 you need to upgrade the controller to avoid any of these issues.
  • For HA deployments, it is recommended that even if you are running 7.4.100.60 that you upgrade to the latest MR which is 7.4.110.0.

 

 

Current 7.3 bugs

CSCuc34199 - Silent crash on WLC running 7.3.101.0

No workaround. The system does stay up, but switches back and forth between primary and secondary quite frequently.

CSCuc74677 - High Availability controller rebooting and losing its ap count license. You have to re-install the ap-count license on the active controller in order to recover from this bug.

CSCub95009 - Pmalloc memory corruption seen on the active HA WLC
 

Current 7.4 bugs

CSCue61613 : Privacy Bit not set in the Beacon after HA failover
This causes dot1x clients to fail association after about an hour after failover.
To be included in next MR. Workaround is to disable and re-enable the wlan after a failover.

CSCue02707 - HA redundancy does not fail-over to standby when powercycled
To be included in next MR.

CSCue02718 - HA redundancy does not fail-over to standby when removing ETH cable
This bug has other symptoms like: Reload request Category: Default Gateway is not reachable.
To be included in next MR.

CSCud78928- HA secondary controller goes in a rebooting loop
To be included in next MR.

CSCue33125 Unable to enable "bootp-broadcast" with HA SSO configured
To be included in next MR.

CSCue17421 - RRM AP Neighbor list is not synced to HA Standby after switchover

CSCue90110 - Clients not removed from AP after HA failover
Use different SSID for local mode APs if you have local & flex APs. 
Reboot APs after failover

CSCud98562 - HA redundancy configuration is not shown in run-config commands

CSCue38133 - Need to reset 90 day license timer on secondary controller

CSCue79462 - mobility to other WLCs (on 7.0/7.2) goes down after a failover to standby controller.
This is an incompatibility between 7.3/7.4 and 7.0/7.2. Please keep in mind that this issue happens if the WLCs are on the same VLAN.
A good workaround is to put the 7.3/7.4 HA pair on a different subnet to 7.0/7.2 controllers.

CSCuj17884 - Memory leak on HA AP SSO 7.4.110.0

This is resolved in the MR2 beta image that can be obtained via Tac or this support document 7.4MR2 Pre-release Image Download Available

 

 

Webauth Certificates

The webauth certificate has to be installed on BOTH controllers prior to setting up HA. If the controllers are already setup in HA and you install the certificate, it will only be installed on the primary wlc. It does not get copied to the secondary unit like the configuration. If the primary fails over to the secondary for some reason, webauth clients will get the certificate warning error until the primary becomes active again. This is noted in the configuration guide for 7.3 and 7.4, but worth mentioning here. If this is not done prior to enabling HA, then it will have to be disabled in order to install the certificate on the secondary controller.

Comments
amkarnik
Cisco Employee
Cisco Employee
‎09-24-2020 10:49 PM

Clearing configured redundancy IPs after disabling HA SSO

 

Is there a way to clear/ reset configured redundancy IPs to 0.0.0.0

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents