WLC 5520 CIMC strategy

Johannes Luther · ‎10-22-2018

Hi board,

I'm wondering how other use and manage the CIMC in the UCS based WLC appliances. Cisco is sending different signals here how and whether this thing should be used (or not).

Here are some examples:

CIMC web interface is for advanced debugging for TAC and escalation use only. Changing of settings in the CIMC by customers can cause adverse impact on controller software and functionality.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/5500/5520/install-guide/b-wlc-ig-5520/m-overview.html#task_1281012

I'm not a native speaker, but this means to not touch unless the TAC tells you.

The AIR-CT5520-K9 and AIR-CT8540-K9 controller models are based on Cisco UCS server C series, C220 and C240 M4 respectively. These controller models have CIMC utility that can edit or monitor low-level physical parts such as power, memory, disks, fan, temperature, and provide remote console access to the controllers.

We recommend that you upgrade the CIMC utility to Version 3.0(4d) that has been certified to be used with these controllers

https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn88.html#cimc-upgrade

This means, that the CIMC is very helpful to monitor (and control) hardware related information of the WLC (and I agree with that).

From my point of view you need proper CIMC access to the WLC to get the health status of the appliance. The WLC AireOS is not able to monitor all hardware related issues I guess.

So what's the truth here?

Furthermore, the CIMC is very often subject to security advisories. The recommended CIMC software for the WLC is kinda old.

Is it supported to use a newer version? How do you handle the WLC CIMC in your production?

At least in other UCS deployments (like ISE) I fully configure the CIMC including Syslog, SNMP, proper SSL certificates etc.... but I'm quite unsure if this is supported by Cisco in the WLC 5520 (do not touch note in the hardware installation guide).

Cisco please - send clear messages to us (or at least messages I understand)

Leo Laohoo · ‎10-22-2018

I have 8540s and I have CIMC enabled and wired.
Very useful, say, if a unit goes nuts. I just jump into the CIMC and issue a remote command to power down the unit (or reboot).

Johannes Luther · ‎10-22-2018

Hi Leo,

I totally agree. Especially when configured correctly and integrated into system management (SNMP, Syslog), the CIMC is very useful. But my question is more in the direction to Cisco ... Are we losing a supported solution if "fiddling" around with the CIMC configuration and software? (Because - remember the hardware installation guide: "DO NOT EVER TOUCH" :) )

Of course you might break things like booting etc. if you configure something wrong... But with this argumentation, nobody should ever access the ROMMON of an IOS switch or router :)

Leo Laohoo · ‎10-22-2018

I have never seen this warning before. If this warning was published after I deployed my first 8540 then it's too late, CIMC is now part of our process to stand up a 8540.
No idea why Cisco would not recommend people configuring CIMC.

Johannes Luther · ‎10-22-2018

Totally agree again :)

So what SW are you using? The version mentioned in the release notes (3.0(4d)) or newer ones (we are at 3.0(4j) in the 3.0(4) train)? Cisco even recommends the 4.x versions UCS C220M4.

Leo Laohoo · ‎10-23-2018

Currently using 3.0(4d),

pieterh · ‎10-23-2018

I prefer to upgrade where possible, But some warning there may be be a prerequisite between CIMC version and WLC version.

especially in case of the UCS as appliance, the CIMC can interact with the ADE-OS and application (WLC, Prime),

( I think it was ECC errors signalled by CIMC in the PRIME alarms)

so you need to upgrade as a package, not only CIMC individually but also related components

I think this is controlled by HUU?