Solved: Re: 9800 WLC - HA

besart-rexhepi · ‎03-08-2026

Hi

I have two WLC 9800 in HA.

Active WLC is in server room A Standby WLC is in server room B.

RP is connected with direct fiber.

Link ports are connected to 9500 switch (one in server room A and one in server room B) between the switches I have a trunk that allows all VLANs.

In the switches I have "Port-Channel x Mode On" but only one link from WLC (for now).

When I do a failover the standby wlc does not take over. I am wondering if it is "Channel-group X mode On" that causes the standby wlc not to take over becauce the port do not get up?

Shouldn't I have "Channel-Group x mode Active"?

Both WLC have a path to the Default Gateway.

beepmeep · ‎03-08-2026

Yes, I just verified on a setup i manage. The port-channels connected to both WLCs are up/up.

View solution in original post

Mark Elsen · ‎03-08-2026

- @besart-rexhepi Before doing the failover test(s) could you first verify if there is a solid HA SSO state
for the controllers using these CLI commands (on the active controller ) :
test wireless redundancy rping
show chassis ha-status local
show chassis ha-status active
show chassis ha-status standby

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

View solution in original post

besart-rexhepi · ‎03-08-2026

Now it works.
Broken SFP on the Passive WLC

Thx to you all

View solution in original post

beepmeep · ‎03-08-2026

You need to have the same configuration on the connected 9500 switch. If you're using switchport mode active on switch, you also need to do it on WLC. Likewise, if you're using mode on on the WLC, you need mode on, on the links connecting to the WLC on the switch.

I usually use LACP (mode active), but both can work.

The links should always be up on both the active and standby WLC. Also, make sure to have the same VLANs allowed on both links (and the required VLANs created on both switches).

besart-rexhepi · ‎03-08-2026

Are you sure the link on the Standby WLC should be open "status connected"?

I would like to believe that it will come up when it takes over the role of active?

On WLC i have "mode on" and same on switch side.

On active WLC it works but not on standby WLC.

Server room A

- Active WLC + connected to one 9500 switch

Server room B

- Standby WLC + Connected to another 9500 switch.

Then I have one trunk from Switch A to Switch B

beepmeep · ‎03-08-2026

Yes, I just verified on a setup i manage. The port-channels connected to both WLCs are up/up.

besart-rexhepi · ‎03-08-2026

Many thanks

Maybe there is something wrong with my SFPs in that WLC.

I will try replacing them tomorrow.

Are you also running RMI+RP (Redundancy Pairing Type)?

Mark Elsen · ‎03-08-2026

- @besart-rexhepi As far as verifying the SFP's is concert for the RP port; you can use
show platform hardware slot R0 ha_port interface stats
show platform hardware slot R0 ha_port sfp idprom

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

Mark Elsen · ‎03-08-2026

- @besart-rexhepi Before doing the failover test(s) could you first verify if there is a solid HA SSO state
for the controllers using these CLI commands (on the active controller ) :
test wireless redundancy rping
show chassis ha-status local
show chassis ha-status active
show chassis ha-status standby

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

besart-rexhepi · ‎03-08-2026

WLC#test wireless redundancy rping
Redundancy Port ping

PING 169.254.0.169 (169.254.0.169) 56(84) bytes of data.
64 bytes from 169.254.0.169: icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from 169.254.0.169: icmp_seq=2 ttl=64 time=0.111 ms
64 bytes from 169.254.0.169: icmp_seq=3 ttl=64 time=0.099 ms

WLC#show chassis ha-status local

My state = ACTIVE
Peer state = STANDBY HOT
Last switchover reason = Active lost GW
Last switchover time = 11:29:05 cet Sun Mar 8 2026
Image Version = 17.12.4

Chassis-HA Local-IP Remote-IP MASK HA-Interface
-----------------------------------------------------------------------------
This Boot: 169.254.0.170 169.254.0.169 255.255.255.0

Next Boot: 169.254.0.170 169.254.0.169 255.255.255.0

Chassis-HA Chassis# Priority IFMac Address Peer-timeout(ms)*Max-retry
-----------------------------------------------------------------------------------------
This Boot: 2 1 100*5

Next Boot: 2 1 100*5

WLC#show chassis ha-status active

My state = ACTIVE
Peer state = STANDBY HOT
Last switchover reason = Active lost GW
Last switchover time = 11:29:05 cet Sun Mar 8 2026
Image Version = 17.12.4

Chassis-HA Local-IP Remote-IP MASK HA-Interface
-----------------------------------------------------------------------------
This Boot: 169.254.0.170 169.254.0.169 255.255.255.0

Next Boot: 169.254.0.170 169.254.0.169 255.255.255.0

Chassis-HA Chassis# Priority IFMac Address Peer-timeout(ms)*Max-retry
-----------------------------------------------------------------------------------------
This Boot: 2 1 100*5

Next Boot: 2 1 100*5

WLC#show chassis ha-status standby

My state = STANDBY HOT
Peer state = ACTIVE
Last switchover reason = Active lost GW
Last switchover time = 11:29:05 cet Sun Mar 8 2026
Image Version = 17.12.4

Chassis-HA Local-IP Remote-IP MASK HA-Interface
-----------------------------------------------------------------------------
This Boot: 169.254.0.169 169.254.0.170 255.255.255.0

Next Boot: 169.254.0.169 169.254.0.170 255.255.255.0

Chassis-HA Chassis# Priority IFMac Address Peer-timeout(ms)*Max-retry
-----------------------------------------------------------------------------------------
This Boot: 1 2 100*5

Next Boot: 1 2 100*5

The RP Port i Connected (Green)
The link port on Standby WLC is Orange and from switch side "notcennected"

Mark Elsen · ‎03-08-2026

- @besart-rexhepi Those outputs are good; how do you execute or try the failover exactly

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

besart-rexhepi · ‎03-08-2026

I have tested:
1: redundancy force-switchover
2: reboot Active controller from CLI
3: Disconnect link port in Active WLC so its lose connection to GW

Same result whatever i try

Should the link port on the Standby WLC be orange or should it be green (connected from switch side)?

If it should be green then maybe it's something with my SFPs

Mark Elsen · ‎03-08-2026

- @besart-rexhepi For 1. and 2. check the logs on the standby controller ; preferably
have for instance a console connected to the standby and check it out when
it becomes active or is supposed too : https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213915-configure-catalyst-9800-wireless-control.html#toc-hId-2115279766
(also check the logs of the controller which is getting removed ; basically
have a follow up on both controller's logging , when a failover is tried)

3. Will only work with RMI + RP redundancy mode (not single RP SSO) ; also explained in
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/220277-configure-high-availability-sso-on-catal.html

Reminder : validate the configuration on the primary controller
with the CLI command show tech wireless and feed the output from that into Wireless Config Analyzer
This is a mandatory basic task; (for instance when downloading the excell version of the
report all errors red flagged in the wlc_results Tab must always be corrected)

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

Mark Elsen · ‎03-08-2026

- @besart-rexhepi Besides my 2 other replies always validate the configuration on the primary controller
with the CLI command show tech wireless and feed the output from that into Wireless Config Analyzer
This is a mandatory basic task; (all red errors for the controller part of the report, if any, must always get
corrected!)

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

besart-rexhepi · ‎03-08-2026

Now it works.
Broken SFP on the Passive WLC

Thx to you all

Leo Laohoo · ‎03-09-2026

@besart-rexhepi wrote:
Link ports are connected to 9500 switch (one in server room A and one in server room B) between the switches I have a trunk that allows all VLANs.

Are both 9500 in a VSS?

besart-rexhepi · ‎03-09-2026

No, not VSS, but I run HSRP on all SVIs.
The SFP from Standby WLC to switch was bad.

Now it works 🙂