10-07-2022 07:22 AM - edited 10-07-2022 07:31 AM
Hi All,
I'm hoping you can advise here. We have 2x 5520 wlc's in an SSO pair. I've tried to replicate breaking the SSO pair and what would happen in GNS3 however, gns3 doesn't seem to support redundancy in the wlc. So am looking for advice form someone who has broken an SSO pair, what the procedure would be, and what was observed during the breaking of the SSO. I'm thinking it should be fairly straightforward, just not too sure of what to expect once the SSO has been broken. Any help/advice greatly appreciated. Thankyou.
Solved! Go to Solution.
10-09-2022 07:00 AM - edited 10-09-2022 07:07 AM
The command is in the link @balaji.bandi provided and also newer version of the guide at https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-7/High_Availability_DG.html#pgfId-202217
Disabling SSO on HA Pair
1. On primary controller, disable SSO using the command:
Config redundancy mode disable
The Active and Standby WLCs reboot once this command is executed.
The standby controller, when it comes back after the reboot, has the same IP address on interfaces as the primary controller and all the ports disabled.
2. On the standby controller, re-enter the correct IP addresses corresponding to the management and dynamic interfaces and execute the following command:
Config port adminmode all enable
3. Save the configuration on the controller.
4. To re-enable SSO, execute the command Config redundancy sso on the primary and secondary controllers.
Both controllers reboot and pair up in the SSO mode. The standby will sync its configuration from the primary and come back in Hot-standby mode.
Also discussed at https://community.cisco.com/t5/wireless/what-happens-when-splitting-ha-pair-wlc-5508/td-p/3211533
10-08-2022 05:47 AM
HA means you need 2 Physical one to work as HA
you can refer below guide :
You can break the HA for some reasons like :
replacing the failed unit or upgrade for testing so on...
personally, I do not believe this works on GNS3 as HA, since I have not come across that vWLC supports HA here.
10-10-2022 08:03 AM
Thankyou for your reply. Yes we already have a HA which I want to break as this is no longer required. I will take a look at the commands you have posted.
10-09-2022 07:00 AM - edited 10-09-2022 07:07 AM
The command is in the link @balaji.bandi provided and also newer version of the guide at https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-7/High_Availability_DG.html#pgfId-202217
Disabling SSO on HA Pair
1. On primary controller, disable SSO using the command:
Config redundancy mode disable
The Active and Standby WLCs reboot once this command is executed.
The standby controller, when it comes back after the reboot, has the same IP address on interfaces as the primary controller and all the ports disabled.
2. On the standby controller, re-enter the correct IP addresses corresponding to the management and dynamic interfaces and execute the following command:
Config port adminmode all enable
3. Save the configuration on the controller.
4. To re-enable SSO, execute the command Config redundancy sso on the primary and secondary controllers.
Both controllers reboot and pair up in the SSO mode. The standby will sync its configuration from the primary and come back in Hot-standby mode.
Also discussed at https://community.cisco.com/t5/wireless/what-happens-when-splitting-ha-pair-wlc-5508/td-p/3211533
10-10-2022 08:07 AM
Thankyou. Exactly what I was looking for I just wanted to know how the controller would react once I had disabled the SSO as I cant do this in a virtual lab environment. The standby controller will be used at another site as a foreign controller so I wont require step 2 of your solution.
10-13-2022 02:48 AM
Hi again,
You mention this 'The standby controller, when it comes back after the reboot, has the same IP address on interfaces as the primary controller and all the ports disabled.' So will that mean I wont be able to access what was the standby controller? you say same ip addresses i imagine will be using the same management ip address as primary but disabled?.. As long as the primary comes back up with the APs on this i will be decommissioning what was the secondary controller so don't necessarily need remote access - but if it causes issues and i need to get on remotely that could be a problem..
10-18-2022 06:13 AM
I broke the SSO all went well. The secondary controller, now stand alone had all its ports disabled as I had expected. I ran the command to re-enable to ports:
Config port adminmode all enable
However, I cannot get back on the service-port / or ping it. The port is set to dhcp and I can see it come up strangely in the dhcp server.
I also tried using the management port but it looks like this was configured to use fibre - how can i change it so that the rj45 port for management is used? Any ideas on both ?
Thanks
10-13-2022 06:31 AM
And that's why you should always have the CIMC connected and configured.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide