
Ask the Expert: High Availability on Wireless Lan Controller (WLC)

With Madhuri C.

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions of Cisco expert Madhuri C. about the new High Availability (HA) feature (that is, AP SSO) set within the Cisco Unified Wireless Network software release version 7.3. This feature allows the access point (AP) to establish a CAPWAP tunnel with the Active WLC and share a mirror copy of the AP database with the Standby WLC. The APs do not go into the Discovery state when the Active WLC fails and the Standby WLC takes over the network as the Active WLC.

Madhuri C. is a customer support engineer at the Cisco Technical Assistance Center in Bangalore, India. During her four years of experience she has worked on a wide range of Cisco wireless products and technology such as autonomous IOS (aIOS) access points, wireless routers, wireless LAN controllers, wireless VoIP phones, wireless control systems, network control systems, prime infrastructure, and mobility services engines. She has also worked in LAN switching technology.

Remember to use the rating system to let Madhuri know if you have received an adequate response. 


Madhuri might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Wireless Mobility sub community discussion forum shortly after the event. This event lasts through March 22, 2013. Visit this forum often to view responses to your questions and the questions of other community members.



Hi Robin,

WLC1 - Initially configured as Primary and is active currently.

WLC2 - Initially configured as Secondary and in standby mode.

1. When you disabled switchport going to primary WLC1, gateway would not be reachable from primary. Thus the secondary WLC2 will come up as active WLC.

Scenario :

Network Issues

| RP Port Status | Peer Reachable via Redundant Management | Gateway Reachable from Active | Gateway Reachable from Standby | Switchover | Results |
|---|---|---|---|---|---|
| Up | Yes | No | Yes | Yes | Switchover happens |

2. After above step, WLC2 is still active.

Now when you enabled ports going to WLC1, WLC1 will negotiate and become standby on its own. There is no preempt functionality. That is when the previous Active WLC1 comes back, it will not take the role of the Active WLC, but will negotiate its state with the current Active WLC - WLC2 and transition to a Standby state.

Scenario now would be :

Network Issues

| RP Port Status | Peer Reachable via Redundant Management | Gateway Reachable from Active | Gateway Reachable from Standby | Switchover | Results |
|---|---|---|---|---|---|
| Up | Yes | Yes | Yes | No | No Action |

3. After above step, WLC2 is still active, and WLC1 is standby. Now ports to WLC2, which is current active, are brought down.

Scenario would be :

Network Issues

| RP Port Status | Peer Reachable via Redundant Management | Gateway Reachable from Active | Gateway Reachable from Standby | Switchover | Results |
|---|---|---|---|---|---|
| Up | Yes | No | Yes | Yes | Switchover happens |

So now WLC1 is back as active and WLC2 would be standby for which there is no network connectivity.

4. As WLC2 has switchport down, last scenario would be :

Network Issues

| RP Port Status | Peer Reachable via Redundant Management | Gateway Reachable from Active | Gateway Reachable from Standby | Switchover | Results |
|---|---|---|---|---|---|
| Up | Yes | Yes | No | No | Standby will reboot and check for gateway reachability. Will go in to maintenance mode if still not reachable. |

Thus everything you have noticed is working as per design and is not a bug.

We can get more clarity on this by issuing 'show redundancy summary' on both WLCs at every step to see current active, current standby and maintenance mode reason.

Let me know if this answered all your questions.
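
The four steps in the answer above, replayed as an added example (not part of the original post and not Cisco's implementation). It models only the three table rows quoted there, with the RP port up and the peer reachable; `Wlc`, `evaluate` and `replay` are hypothetical names.

```python
from dataclasses import dataclass

@dataclass
class Wlc:
    name: str
    role: str                # "active", "standby" or "maintenance"
    gateway_ok: bool = True  # gateway reachable from this unit

def evaluate(pair):
    """Apply the three table rows quoted above (RP port up, peer reachable)."""
    active = next(w for w in pair if w.role == "active")
    standby = next((w for w in pair if w.role == "standby"), None)
    if standby is None:
        return "no standby available"
    if active.gateway_ok and standby.gateway_ok:
        return "no action"                      # no preemption
    if not active.gateway_ok and standby.gateway_ok:
        active.role, standby.role = "standby", "active"
        return "switchover"
    if active.gateway_ok and not standby.gateway_ok:
        # Standby reboots and rechecks; the gateway is still down in this model.
        standby.role = "maintenance"
        return "standby to maintenance mode"
    return "row not quoted on this page"

def replay():
    """Replay the four steps of the port-disable test; return (step, result, active)."""
    wlc1, wlc2 = Wlc("WLC1", "active"), Wlc("WLC2", "standby")
    pair = [wlc1, wlc2]
    steps = [
        ("1: WLC1 switchport disabled", wlc1, False),
        ("2: WLC1 switchport enabled", wlc1, True),
        ("3: WLC2 switchport disabled", wlc2, False),
        ("4: WLC2 switchport still down", wlc2, False),
    ]
    log = []
    for label, unit, gateway_ok in steps:
        unit.gateway_ok = gateway_ok
        result = evaluate(pair)
        active = next(w.name for w in pair if w.role == "active")
        log.append((label, result, active))
    return log

if __name__ == "__main__":
    for entry in replay():
        print(*entry, sep=" | ")
```

Step 2 is where the lack of preemption shows: WLC1 has its gateway back, yet WLC2 stays active until it loses its own gateway in step 3.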



Thanks a lot!

Stefan Engel

Hello Madhuri,

I have a question regarding license.

We have two 5508 in our datacenter running 7.2, which I plan to upgrade to either 7.3 or 7.4. All our APs are in flex-connect mode. Each WLC has license for 200 APs (permanent). So I actually 'could' connect 400 AP (while giving up redundancy).

Once I enable HA SSO, will I have 200 licence in total..or?

If I understand correct, the standby need to have minimum 50 license. Means I could move 150 from the secondary to my primary, which would give me a total of 350?

And in the future, if we need add APs, we just purchase add lic for the primary?

Appreciate your feedback.



Hi Stefan,

You can certainly transfer 150 license to primary wlc. This would make it 350 on one and 50 on standby to facilitate the HA pairing.

Please refer to rehost license section in below link :

Alternatively you could also raise a case with Cisco TAC licensing team and they will be able to assist in moving 150 license from secondary to your primary.

For high-availability controllers when you enable HA, the controllers synchronize with the enabled license count of the primary controller and support high availability for up to the license count enabled on the primary controller.

Thus in future, you just need to add license on primary.



Thank you, all clear now.


Hi Madhuri.

I have been led to believe that the rehosting was limited to adder licenses only.


"Revoking a license from one controller and installing it on another is called rehosting. You might want to rehost a license in order to change the purpose of a controller. For example, if you want to move your OfficeExtend or indoor mesh access points to a different controller, you could transfer the adder license from one controller to another controller of the same model, say from one 5500 series controller to another 5500 series controller (intramodel transfer). This can be done in the case of RMA or a network rearchitecture that requires you to transfer licenses from one appliance to another. It is not possible to rehost base licenses in normal scenarios of network rearchitecture. The only exception where the transfer of base licenses is allowed is for RMA when you get a replacement hardware when your existing appliance has a failure."

Has this been changed?

Sincere Regards

Hi Mats,

Using RMA portal when you move licenses from a bad box to the RMA device AIR-CT5508-CA-K9, all licenses [including base-ap-count, wplus, wplus-ap-count] except for the base license and evaluation will be moved over to the new device. Old device would still have permanent base AP license on it even after rehost.

The RMA WLC is by default shipped with base license thus there is no need to move base license to new one.

To transfer license to RMA box, you can refer to :

Under special cases, if there is issue with base license, Cisco TAC licensing team can send you the base license. Also they can check base-ap-count of old box and they send you one .lic file with base and base-ap-count feature set included to reflect the right AP count on new WLC.

In that case you would see one base license as permanent-active and other one as permanent-inactive. We would not have option to delete or modify priority of base license.



Thanks Madhuri.

I need to be more specific.

If we have two AIR-CT5508-250-K9 with each 250 base licenses, and we want to implement HA-SSO, then we would normally lose 200 AP licenses unless the base licenses could be reengineered and rehosted:

initial state                              preferred outcome

AIR-CT5508-250-K9                 AIR-CT5508-250-K9 + L-LIC-CT5508-100A x 2

AIR-CT5508-250-K9                 AIR-CT5508-HA-K9

Would this be possible, and how?

Since the old licenses are "hard" base licenses, customers are locked with the old AP redundancy scheme since just enabling HA on a WLC pair with the base license above 50 AP will lose these licenses.

If possible this would mean that the threshold for existing Cisco customers to upgrade to HA-SSO is drastically reduced.

Sincere Regards



Hi Madhuri,

I am upgrading from WISM to 5508. I was just configuring HA between two 5508 but after enabling SSO and reboot, the HA is not working. My secondary box went into maintenance mode and primary controller stuck in l2 mode. It seems the redundant commands are missing in the primary controller as well. I checked the network reachability to gateway is available from the controller and the redundancy ports are wired as well. Could you throw some light? Couldn't find any good troubleshooting doc.


There are few scenarios where the Standby WLC may go into Maintenance Mode and not be able to communicate with the network and peer:

  • Non reachability to Gateway via Redundant Management Interface
  • WLC with HA SKU which had never discovered peer
  • Redundant Port is down
  • Software version mismatch (WLC which boots up first goes into active mode and the other WLC in Maintenance Mode)

The WLC should be rebooted in order to bring it out of Maintenance Mode. Only the Console and Service Port is active in Maintenance Mode.

You can collect 'show redundancy summary' and 'show redundancy statistics' from both WLCs. This will show state of WLC, peer WLC state and reason for maintenance mode. We can take it up further based on the reason of maintenance mode.

Console logs saved will also help in identifying as to which step is failing.

If the redundancy commands are missing on primary, you need to reconfigure them. Else pairing will fail.

Please make sure you have following conditions met :

- Minimum 50 AP count license on secondary WLC. 'Show license summary' output from WLCs.

- Both WLCs running same version.

- WLCs in same subnet.

- Enable admin mode of ports. Show port summary will show the state.

Feel free to log a ticket with Cisco TAC. We can setup WebEx and assist you in troubleshooting the issue.




Hi Madhuri,

You have helped me numerous times on my WLC adventures and I wanted to thank you, thank you, thank you!  You always go above and beyond the call of duty!



I'm really happy to hear that. Thanks for all the appreciation, Amir.



Hi Madhuri,

Say we have a VSS based setup with WISM2s and assume we also purchase HA-SKU for the WISM2.

Let me explain the scenario.

If we lose power to one VSS chassis, it will cause the APs to failover to the standby WLCs. Now when power resumes, the previous active WLCs will not become active but the standby will continue to be the active WLC servicing the APs. My understanding is that with HA SKU arrangement, still the AP licenses are bound to the previous active WLC. If this is the case, can we continue using the current active WLC (former standby WLC) although we do not have valid AP licenses? Do we need to do a manual failover at some point of time in the future to rectify this?

Other side question is that in this setup (where we had a single failover) suppose we want to add more AP licenses in the future, what is the process to add them and to which WLC?

Also I think the results of the failover scenario presented in row 9 of the table "Network issue" is incorrect. Can you confirm pls?

Thanks in advance.


Hi Janesh,

Great question.

If you lose power on one chassis then APs will failover to Secondary. Standby will continue to serve till a manual failover is initiated as you have rightly mentioned.

Regarding the license, there is no need to manually move the license. Once the HA pairing is done, standby WLC will inherit the license from primary wlc on its own and it will be ready to takeover APs in the event of primary wlc failure.

So if you have 300 license on primary, secondary will also show the same 300 count after it inherits from primary.

You can definitely continue to use the current active or previous standby even after failover. Only thing is after 90-days, it starts nagging messages stating it has been more than 90 days since primary WLC failed. This is indication to net admin so that they fix the issue with primary WLC.

Even after 90 days, APs will be connected fine to current active/previous standby. It is just message traps.

You can add new AP license to primary and there is no need to add license on secondary. It is recommended to bring up your primary as HA SKU is not designed to allow new AP licenses.

Even if secondary is active (single failover), as per design license cannot be added to active HA SKU.

When you try adding to active HA SKU, you get a message like :

!!!! Blocked: Changing License configurations on Secondary unit is blocked !!!!

Yes, Row 9 is incorrect. I will file a documentation bug to fix this.

Row 9 parameters are same as Row 1 and the result mentioned in Row 1 is correct. So it should be :

Network Issues

| RP Port Status | Peer Reachable via Redundant Management | Gateway Reachable from Active | Gateway Reachable from Standby | Switchover | Results |
|---|---|---|---|---|---|
| Up | Yes | Yes | Yes | No | No Action |



Hi Madhuri,

Thanks very much for your reply. I do have one final question.

Does the standby WLC check the network connectivity (ICMP to GW) in parallel with exchanging keepalives with Active WLC? To me the algorithm indicates that the ICMP kicks in only when the keepalive fails.


