20 Comments
PFG TAC
Level 1

Hello Mohit,

Really your video is very helpful for me to understand the actual process of enabling the AP-SSO operation.

I have a few questions for you:

1. Is the Redundant management IP address pingable?

2. How to verify the port status of Redundant port?

3. I am having 1000 AP license in each Flex Controller, is it possible to merge two licenses into a single one and get a total of 2000 APs license? Since the requirement is to have minimum license only on secondary and doesn't require any license on Primary.

Please advise on this at your earliest..

Regards,

Manny

mopaul
Cisco Employee

Hi Manny,

Glad you liked the information shared in this video.

1. Yes, the RMI is pingable. Because RMI has to verify the management gateway reachability as it is a critical decision making factor for controllers to trigger failover & take up roles (active/standby) accordingly.

2. There is no way to identify the RP status. The most you can try is to ping the RP IP address of the peer, as they are pingable ONLY between peer controllers and not on infra.

3. No, you can't merge licenses. True, the requirement to have 0 or minimum 50 AP license count is there to make the unit as secondary. The number of APs will be served by the paired up controllers based on the AP count you have on Primary controller. For instance, if Primary has 12 AP license and Secondary is with bare minimum 50 AP count, once you pair up the controllers, the total AP count served will be 12.

HTH

Regards,

Mohit

Please do keep posting your comments/feedback/doubts and don't forget to rate the video and solution to your questions/comment

PFG TAC
Level 1

Hi Mohit,

Thanks for your quick response...

I am not able to ping the RMI address on both the Flex Controllers. I have connected the cable, tested that Layer 1 is good, and followed the IP address assignment as per the document.

I have attached the snapshot of both the Controllers; also, please see the output below.

(Cisco Controller) >show port sum

           STP   Admin   Physical   Physical   Link   Link
Pr  Type   Stat   Mode     Mode      Status   Status  Trap     POE
-- ------- ---- ------- ---------- ---------- ------ ------- ---------
1  Normal  Forw Enable  Auto       10000 Full Up     Enable  N/A
2  Normal  Forw Enable  Auto       10000 Full Up     Enable  N/A

(Cisco Controller) >show interface sum


Number of Interfaces.......................... 7

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       1    untagged 10.222.11.50    Static  Yes    No
redundancy-management            1    untagged 10.222.11.52    Static  No     No
redundancy-port                  -    untagged 169.254.11.52   Static  No     No
pfg-guest                        1    84       10.21.84.100    Dynamic No     No
pfg-mil-160m                     1    8        10.29.8.6       Dynamic No     No
service-port                     N/A  N/A      0.0.0.0         DHCP    No     No
virtual                          N/A  N/A      1.1.1.1         Static  No     No

(Cisco Controller) >ping 10.222.11.52 ------------------------------> RMI - Primary

Send count=3, Receive count=0 from 10.222.11.52
(Cisco Controller) >ping 10.222.11.50 ------------------------------> Primary Mgmt IP

Send count=3, Receive count=3 from 10.222.11.50

(Cisco Controller) >ping 10.222.11.51 -------------------------------> Secondary Mgmt IP

Send count=3, Receive count=3 from 10.222.11.51

(Cisco Controller) >ping 10.222.11.53---------------------------------> Peer RMI - Secondary

Send count=3, Receive count=0 from 10.222.11.53

(Cisco Controller) >

Please advise

Mahmoud
Level 1

Thanks for the post.

Can we connect both RPs of the WLCs via switches?

mopaul
Cisco Employee

Yes, keep it in layer 2. However, recommended would be to connect them back to back.

Mahmoud
Level 1

I have two standalone WLCs 5508 with 50 base license for each one, but the WLCs are located in different data centers that are connected via fiber cable.

My action plan is:

- specific VLAN Y at both switches to connect the RP ports with access mode.

- WLCs management and RMI in the same subnet (VLAN X) with tagging at both switches and WLC interfaces.

- do the rest of the configuration like in the video

Any recommendation is appreciated.

mopaul
Cisco Employee

Yeah RPs need to have L2 adjacency.

Right, since the RMI intf is created as part of the mgmt subnet, you would need to keep them in the same VLAN as you also suggested above.

Configuration sync and keepalives will be sent across RP.

Don't forget to take the below into consideration:

1. RTT Latency on the redundancy link is 80 milliseconds by default. The RTT should be 80% of the Keepalive timer which is configurable in the range 100-400 milliseconds.
2. Failure detection time is 3*100 + 60 + jitter (12 msec) = ~400 msec
3. Bandwidth: 60 Mbps or more
4. MTU: 1500

Hope this helps... Good luck!

Mahmoud
Level 1

Thanks so much for the reply, I appreciate that.

I only have a doubt: if something is missed or goes wrong during HA configuration, will I lose the configuration of the WLC, as one of them is used as a primary one to connect 40 APs?

What is the expected time to do this action? Just to ask for a suitable outage time.

mopaul
Cisco Employee

1. You may lose out on the configuration of the WLC which you intend to make secondary. Primary WLC's config will remain intact. However, I would recommend you take a backup of both WLCs in advance so it is easy to restore later.

2. Not more than 15 mins to set up HA completely. You can keep 15 mins for rollback and 5-10 mins for config backup. Overall, 45 mins-1 hr should be your maintenance window.

Mahmoud
Level 1

- The WLCs are running

Software Version 7.5.102.0

Do you think it is a stable version or is there a recommended one from Cisco?

- In most HA examples they use untagged interfaces for management and RMI, but in my case I have a lot of VLANs so my management is tagged. Are there any special configurations I need for that?

Thanks

mopaul
Cisco Employee

1. Try AIR-CT5500-K9-8-0-121-0.aes

Release Notes 8.0.121.0

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80mr2.html

Release notes 8.0

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/wlcrn80.html#pgfId-1254764

2. A redundancy VLAN should be a nonroutable VLAN in which a Layer 3 interface should not be created for the VLAN, and the interface should be allowed on the trunk port to extend an HA setup between multiple chassis. Redundancy VLAN should be created like any other data VLAN on Cisco IOS-based switching software. 

No, just keep Management and RMI on same subnet. In case of RP, it will auto-assign IP using last two octets of RMI and first two octets are always 169.254.

Mahmoud
Level 1

Hello

I tried the HA but unfortunately both WLCs restarted in maintenance mode, so I restarted the primary one (in my site) and it worked fine like before, but because the other one is in a remote site I can't restart it. So is there any workaround to telnet to it, as I can't even ping the management or RMI interfaces?

This exercise should happen in the future when the connectivity of RP is lost due to connectivity between both sites, so I have to get access all the time to the WLC even in maintenance mode by any possible way without the need of console or restarting it physically.

Your support is highly appreciated.

mopaul
Cisco Employee

Yeah, if the controllers cannot reach each other through the redundant port and the RMI, the primary controller becomes active and the standby-hot controller goes into the maintenance mode.

The WLC should be rebooted in order to bring it out of Maintenance Mode. Only the Console and Service Port are active in Maintenance Mode.

Since in your case both went into maintenance, please ensure:

1. same hardware and software version in place

2. proper gateway reachability from both WLCs independently

3. RMI and the redundancy port should be in two separate Layer 2 VLANs, which is a mandatory configuration.

4. NOT SUPPORTED SCENARIO:

 The primary controller has the management address and the redundancy management address in the same VLAN, and the secondary controller has the management address in the same VLAN as the primary one, and the redundancy management address in a different VLAN.

When HA is enabled, the standby controller always uses RMI and all the other interfaces, dynamic and management, are invalid. A ping must only accept RMI as source and not other interfaces.

Also note, it is not possible to access the standby-hot controller through the controller GUI, Cisco Prime Infrastructure, or Telnet. You can access the standby-hot controller only on its console.

Mahmoud
Level 1

- If I configure the service port with an IP in a different VLAN than management and RP, can I get access to the WLC during the maintenance mode?

- The RMI is not pingable from the gateway, is this normal?

mopaul
Cisco Employee

1. Yes, SP can be in a different VLAN than management and it should be configured that way irrespective of HA or standalone.

2. ICMP packets are generated from the Redundancy Management Interface to check the default gateway reachability of controllers in the Active and Standby states. GW reachability is one of the deciding factors in role change under HA environment. Hence, RMI IP address should be pingable from GW, i.e. RMI does respond to ICMP when ping is sourced from GW.

*GW=Gateway

Also note that the RMI is also used to send notifications from the active controller to the standby controller if a failure or manual reset occurs. The standby controller uses the Redundancy Management Interface to communicate to the syslog, NTP server, and TFTP server to upload any configuration.
