02-14-2014 07:09 AM - edited 07-05-2021 12:11 AM
HI everyone,
I'm currently doing a proof of concept on the AP SSO feature running on WLC 7.4.121.
The first thing I would like be sure is that client SSO is not avalaible in 7.4.X release, i need to upgarde to 7.5.X, Am I right ?
The second thing I would like to share and investigate with you is about AP SSO not currently working in my topology.
I have 2 seperate C6500 (SUP720-3B) switches with 1 WISM2 in each and both switches interconnected trough a 10G port.
I enable AP SSO on both WLC that synchronize themselves trough the 10G port on a special redundancy VLAN.
They both synchronize, and everything is working (both AP database on primary and standby WLC).
What I can't understand is when forcing switchover on the primary (redundancy force-switchover command), the fallback is doing great to the standby WLC but the AP still get into CAPWAP DISCOVER state because of a timeout with the following logging message
*Feb 14 15:36:37.727: %CAPWAP-3-ERRORLOG: Sequence number (0) mismatch in request messageDeleting clients for centrally switched wlan 1
Deleting clients for centrally switched wlan 1
Sending hreap clients to wlc on HA event
AP1cdf.0f66.90b4#
% Cannot enable CDP on this interface, since CDP is not running
% Cannot enable CDP on this interface, since CDP is not running
., 5)14 15:37:22.934: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
*Feb 14 15:37:22.934: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
So the SSID is unavalaible for a certain period of time as it would be with N+1 redundancy.
I also saw that some documentation said that tle WLC needs to be run on a VSS (
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113681-high-availability-dg-00.html) and some other say the contrary (http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1130-ag-series/qa_c67-714540.html)
Did you manage to get AP SSO working and did you ever have this issue ?
Thank for you help !
02-14-2014 11:02 AM
HI Max,
The first thing I would like be sure is that client SSO is not avalaible in 7.4.X release, i need to upgarde to 7.5.X, Am I right ?
The second thing I would like to share and investigate with you is about AP SSO not currently working in my topology.
Yes you need 7.5 version on WLC for Client SSO.
I never seen this tiype of error, You must contatc TAC and tell them about this issue.
Regards
Dont forget to rate helpful posts
02-14-2014 01:21 PM
yes the VSS must be configured between the 2 6K switches.
can you share show run-config from both WISMs ?
02-14-2014 06:03 PM
Here is a good reference presentation for HA in Wireless deployments.
BRKEWN-3014-Best Practices to Deploy HA in WLAN Architecture
HTH
Rasika
*** Pls rate all useful responses ****
02-14-2014 08:58 PM
Firmware version 7.5 has been deferred by Cisco.
You can no longer download this software.
You could potentially use 7.6 firmware. Please upgrade the FUS to 1.9.0 also.
02-15-2014 06:52 AM
I have to say ap Sso is hit or miss. I considered deploying it myself but came to my senses based on all the problems.
I'm waiting till it gets more stable. Also how often does a controller go down ? I'm doing HA N+1.. That works very well ,.
Sent from Cisco Technical Support iPhone App
02-15-2014 05:01 PM
I have to say ap Sso is hit or miss. I considered deploying it myself but came to my senses based on all the problems.
We have 3700 so we have no choice.
So far, haven't seen any issues with 7.6.X except for me disabling 12 Mbps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide