9800-CL ESXi cluster / HA Redundancy port questions

mqontt · ‎08-19-2024

Hey Guys,

i'm coming up with some desing for a new deployment of vWLCs.

We'll have several vWLC hosted within our ESXi network cluster. Each HA SSO vWLC pair will be acting independently and serving some parts of the larger campus network with central switching of SSIDs.

My question is with regards to Redundancy connection for HA SSO members, between the ESXI network cluster members.

Does each vWLC HA SSO pair need to be on separate L2 segment for its redundancy connection? (diagram#1 each HA sso pair with its own VLAN for RP and then all RP VLANs trunked via L2switch in DC to other ESXI node)

Or can they share a single segment ? (diagram#2 - one redundancy VLAN serving all HA sso members on that ESXI and then direct connection to other ESXI) - would this even work ?

thanks!

marce1000 · ‎08-19-2024

- In principle , from the 9800-CL's viewpoint everything remains the same ,but I don't think the HA-SSO redundancy is officially supported , if it is being used on different hypervisor hosts (clustered or not). If it is being done , then the involved carrying vlan's must have the same vlan tag as the controllers use 'internally' for HA-SSO and the various vlans used (in human terms , the external vlans out of ESXI and or in between must have the same vlan number). This may not be feasible always.

Always advised when configuring 9800 controllers :
- Have an overall checkup of the 9800 controller's configuration with the CLI command
show tech wireless and feed the output from that into Wireless Config Analyzer
use the full command as denoted in green , do not use a simple show tech as input for this procedure

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000 · ‎08-19-2024

- Addendum : a number of useful command in case of problems with HA SSO
show redundancy | i ptime|Location|Current Software state|Switchovers
show chassis
show chassis detail
show chassis ha-status local
show chassis ha-status active
show chassis ha-status standby
show chassis rmi
show redundancy
show redundancy history
show redundancy switchover history
show tech wireless redundancy
show redundancy states
show logging process stack_mgr internal to-file bootflash:
show platform hardware slot R0 ha_port interface stats

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000 · ‎08-19-2024

- Perhaps my original statement of being not supported between physical (different) ESXi hosts must be corrected:
Have a look into https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-cl-dg.html#9800CLnetworkinterfacemappings
(advising to read the section completely)

Tx , M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Haydn Andrews · ‎08-19-2024

With VM and non VM SSO where you need to use a redundancy VLAN as you can not directly connect. DO NOT use the same as other clusters. I have seen wierd things happen. The whole SSO using a non routed VLAN is basically to simulate directly connecting a cable between the two WLCs.

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***