I have some issues with a new C9800-40 WLC HA deployment.
I configured HA SSO (with RMI+RP) as it should be. I think the configuration is correct, HA SSO is formed, switchover works, but I discovered some warnings (orange triangles) under Administration -> Device -> Redundancy on WebGUI. (image below)
If I hoover the pointer, first triangle says: To configure redundancy on a Catalyst 9800 device, click here: link
2nd and 3rd triangle says: RMI IP must be in the same subnet as Wireless Management Interface (WMI). For more information, see here. (link)
These claims are correct, but I think my configuration also correct.
Here are some details:
Plan:
WMI/RMI interfaces are in VLAN 90.
OOB interfaces (GE0) already configured for xx.xx.111.90 on both chassis.
IP addressing:
Primary WLC WMI: xx.xx.90.90
Secondary WLC WMI: xx.xx.90.93
Primary WLC RMI: xx.xx.90.91
Secondary WLC RMI: xx.xx.90.92
Primary WLC RP: 169.254.90.91
Secondary WLC RP: 169.254.90.92
We don't use LACP on ports because WLCs T0/0/0 connections to a Firewall#1, T0/0/1 connections to a Firewall#2 and FWs works in HA topology (active-passive mode)
Init cfg on wlc1:
vlan 90 name xxx interface vlan 90 ip address 10.10.90.90 255.255.255.0 ip address 10.10.90.91 255.255.255.0 secondary no shut wireless management interface 90 ip route 0.0.0.0 0.0.0.0 10.10.90.1 ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.20.111.1 interface TenGigabitEthernet0/0/0 switchport trunk allowed vlan 90,1200,1208,1212 switchport mode trunk ! interface TenGigabitEthernet0/0/1 switchport trunk allowed vlan 90,1200,1208,1212 switchport mode trunk chassis 1 priority 2 redundancy mode sso redun-management interface Vlan90 chassis 1 address 10.10.90.91 chassis 2 address 10.10.90.92
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.20.111.90 255.255.255.0
wri mem
Init cfg on wlc2:
vlan 90 name xxx interface vlan 90 ip address 10.10.90.93 255.255.255.0 ip address 10.10.90.92 255.255.255.0 secondary no shut wireless management interface 90 ip route 0.0.0.0 0.0.0.0 10.10.90.1 ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.20.111.1 interface TenGigabitEthernet0/0/0 switchport trunk allowed vlan 90 switchport mode trunk ! interface TenGigabitEthernet0/0/1 switchport trunk allowed vlan 90 switchport mode trunk chassis 1 renumber 2 redundancy mode sso redun-management interface Vlan90 chassis 1 address 10.10.90.91 chassis 2 address 10.10.90.92
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.20.111.90 255.255.255.0
wri mem
After connected the cables and HA is formed, gateway monitoring is enabled also:
management gateway-failover enable
Current outputs:
wlc01#show redundancy
Redundant System Information :
------------------------------
Available system uptime = 12 weeks, 3 hours, 33 minutes
Switchovers system experienced = 10
Standby failures = 0
Last switchover reason = user forced
Hardware Mode = Duplex
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Maintenance Mode = Disabled
Communications = Up
Current Processor Information :
-------------------------------
Active Location = slot 1
Current Software state = ACTIVE
Uptime in current state = 37 minutes
Image Version = Cisco IOS Software [Dublin], C9800 Software (C9800_IOSXE-K9), Version 17.12.5, RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2025 by Cisco Systems, Inc.
Compiled Fri 14-Mar-25 02:50 by mcpre
BOOT = bootflash:packages.conf,12;
CONFIG_FILE =
Configuration register = 0x2102
Recovery mode = Not Applicable
Fast Switchover = Enabled
Initial Garp = Enabled
Peer Processor Information :
----------------------------
Standby Location = slot 2
Current Software state = STANDBY HOT
Uptime in current state = 31 minutes
Image Version = Cisco IOS Software [Dublin], C9800 Software (C9800_IOSXE-K9), Version 17.12.5, RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2025 by Cisco Systems, Inc.
Compiled Fri 14-Mar-25 02:50 by mcpre
BOOT = bootflash:packages.conf,12;
CONFIG_FILE =
Configuration register = 0x2102
wlc01#show redundancy states
my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit = Primary
Unit ID = 1
Redundancy Mode (Operational) = sso
Redundancy Mode (Configured) = sso
Redundancy State = sso
Maintenance Mode = Disabled
Manual Swact = enabled
Communications = Up
client count = 147
client_notification_TMR = 30000 milliseconds
RF debug mask = 0x0
Gateway Monitoring = Enabled
Gateway monitoring interval = 8 secs
wlc01#show chassis
Chassis/Stack Mac Address : xxxx.xxxx.xxe0 - Local Mac Address
Mac persistency wait time: Indefinite
Local Redundancy Port Type: Twisted Pair
H/W Current
Chassis# Role Mac Address Priority Version State IP
-------------------------------------------------------------------------------------
*1 Active xxxx.xxxx.xxe0 2 V02 Ready 169.254.90.91
2 Standby xxxx.xxxx.xx20 1 V02 Ready 169.254.90.92
wlc01#show redundancy switchover history
Index Previous Current Switchover Switchover
active active reason time
----- -------- ------- ---------- ----------
1 1 2 Active lost GW 13:18:17 CET Fri Mar 14 2025
2 2 1 user forced 17:47:05 CET Fri Mar 14 2025
3 1 2 Active RMI port down 15:50:23 CET Thu May 29 2025
4 2 1 user forced 16:48:01 CET Thu May 29 2025
5 1 2 user forced 14:09:51 CET Tue Jun 3 2025
6 2 1 user forced 18:46:16 CET Thu Jun 5 2025
7 1 2 user forced 19:39:14 CET Thu Jun 5 2025
8 2 1 user forced 19:51:59 CET Thu Jun 5 2025
9 1 2 active unit removed 22:52:53 CET Thu Jun 5 2025
10 2 1 user forced 12:02:23 CET Fri Jun 6 2025
wlc01#
I performed software update to the newest recommended release, rebooted WLCs several times, but the warning still there. I've thought about break and rebuild HA, but it's a hassle because I don't have console access (I use OOB now) and the device is ~5000 km away.
What do you suggest, what could be the problem? I can get any output from the devices.
Accepted Solutions
Albeit of the fact whether incognito works or not, here is the possible explanation of the 'issue'.
I have never seen any WLC without that warning sign in any version. I have checked my lab too. The reason why you are seeing the warning in one setup and not in another setup is due to 'Guided Assistance'. If you have it enabled, then you will end up seeing the warning. Whereas if you disable it, the warning will not longer be seen. This was done intentionally to make people cautious/alert while configuring the RMI IP addresses.
Here are the comparative study - Option is in WLC GUI >> Preference (right beside save option in GUI) >> Guided Assistance
I already done that and WLCCA shows one warning about the HA. (wireless mobility mac-address was not configured) I added it, but no change, warnings are still there.
WLCCA shows many warnings because nothing has been configured yet except HA. But it's very strange that it complain about the ROMMON version, even though I updated it to the recommended version a couple of days ago.
wlc01#show rom-monitor chassis 1 r0
==========================================================
System Bootstrap, Version 17.12(1r), RELEASE SOFTWARE
Copyright (c) 1994-2023 by cisco Systems, Inc.
wlc01#show rom-monitor chassis 2 r0
==========================================================
System Bootstrap, Version 17.12(1r), RELEASE SOFTWARE
Copyright (c) 1994-2023 by cisco Systems, Inc.
wlc01#
I checked an other C9800-40 HA system running the very same software version, there is no warnings at all. (image below)
I understand what you're saying, but another 9800-40 HA system running exactly the same software is not showing the alarms. I wonder why?
Albeit of the fact whether incognito works or not, here is the possible explanation of the 'issue'.
I have never seen any WLC without that warning sign in any version. I have checked my lab too. The reason why you are seeing the warning in one setup and not in another setup is due to 'Guided Assistance'. If you have it enabled, then you will end up seeing the warning. Whereas if you disable it, the warning will not longer be seen. This was done intentionally to make people cautious/alert while configuring the RMI IP addresses.
Here are the comparative study - Option is in WLC GUI >> Preference (right beside save option in GUI) >> Guided Assistance
