Catalyst 9800 Failover Behavior

GHOZLANE Haroun · ‎12-25-2024

In a Cisco Catalyst Controller 9800 SSO deployment, will failover occur if the interface or port-channel of the active WLC is physically shut down?

MHM Cisco World · ‎12-25-2024

You use RMI ?

if Yes then
if PO to SW is shut in active the standby failover to be new active

MHM

GHOZLANE Haroun · ‎12-25-2024

It's not working for me—failover only occurs when the active WLC goes completely down.

Our deployment has the WLCs in VSS Pair mode without any split links or cross cables. Could this configuration affect failover behavior?

MHM Cisco World · ‎12-25-2024

I mention RMI' do you use it?

MHM

MHM Cisco World · ‎12-25-2024

if you use RMI and it down then your case is third in table

MHM

GHOZLANE Haroun · ‎12-25-2024

i am using layer two porchannel as bellow

In my failover test, I shut down the port channel from the switch side. As a result, the access points and clients disconnected and did not switch over to the backup wlc02.

This behavior suggests that the redundancy mechanisms did not function as expected.

!
interface Vlan100
description Wireless Management
ip address 10.160.1.5 255.255.255.0 secondary
ip address 10.160.1.7 255.255.255.0
!

!
interface Port-channel10
description ###to-WLC-DCO1###
switchport trunk allowed vlan 100
switchport mode trunk
end

DC01-WLC01#sh etherchannel 10 summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port

A - formed by Auto LAG

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
10 Po10(SU) LACP Te0/1/0(P) Te0/1/1(P)

Mark Elsen · ‎12-25-2024

- @GHOZLANE Haroun >...In my failover test, I shut down the port channel from the switch side. As a result, the access points and clients disconnected and did not switch over to the backup wlc02.

- The phrasing and test sequence is incorrect , controller failover targets inner health checks and operations of the controllers and does not include external networking issues. A real controller failover can make APs switchover , which is transparent in HA SSO.

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

MHM Cisco World · ‎12-25-2024

As @Mark Elsen mentioned' you need to shut down PO from SW to test .

Why? If you shutdown the PO from active WLC itself the config is sync to standby abd hence now both WLC have PO down and this is case 4 in table which is dont force failover

MHM

GHOZLANE Haroun · ‎12-25-2024

yes it is configured ,

!
interface Vlan100
description Wireless Management
ip address 10.160.1.5 255.255.255.0 secondary
ip address 10.160.1.7 255.255.255.0
!

Flavio Miranda · ‎12-25-2024

@GHOZLANE Haroun

It should failover as long as the Active WLC is using this port-channel to reach its gateway. And the RD port is communicating through your VSS switch.

Leo Laohoo · ‎12-25-2024

Yes and no.

In theory, yes.

In reality, it will depend on multiple factors, such as:

1. Are the controllers 9800-L or the bigger units (multiple WNCD);

2. In multi- or single WNCD, depends on the uptime

3. In single- or multi-WNCD, depends on the code

4. In multi-WNCD, depends on the control-plane memory utilization

5. In multi-WNCD, depends on the AP count, daily wireless users, is the SSID PSK or not, etc

Rich R · ‎12-25-2024

Make sure you refer to the later (17.6) version of the doc you quoted:
https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/9800/17-6/deployment-guide/c9800-ha-sso-deployment-guide-rel-17-6.pdf
As there were a number of enhancements to SSO between 17.1 and 17.6.

Also see https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#StatefulswitchoverSSO and https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2023/pdf/BRKEWN-2846.pdf
It's recommended to have the RP link connected back to back if at all possible and not through the switch network as it seems you're doing.

What version of software are you running? (refer to TAC recommended link below)

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390