Solved: Cisco 5520 WLC HA recovery

cxu21 · ‎05-01-2024

We have 2 Cisco 5520 WLC running in HA mode. During software upgrade, for some reason, the primary finished upgrade but secondary did not, HA was broken and primary in maintenance mode and secondary became active.

Someone did quite a few clean up tasks on the secondary before realise the primary was in maintenance.

In order to bring the HA back, here is my plan and please advise if it is feasible.

1. disconnect RP ports connection.

2. on primary(WLC01) issue "config redundancy unit secondary" to change its role as secondary

3. on secondary(WLC02) issue "config redundancy unit primary" to make it as primary

4. on WLC01 issue below commands to downgrade it to the same version as WLC02

transfer download mode tftp

transfer download datatype code

transfer download serverip 1.1.1.1

transfer download path .

transfer download filename AIR-CT5520-K9-8-10-162-0.aes

transfer download start

5. reload WLC01 by using "reset system"

6. once reload is completed, check the version on WLC01.

7. if software version are matched, connect the RP ports.

8. if everything goes well, configuration from WLC02 will be synced to WLC01.

9. enter "config redundancy unit primary" on WLC01 to change it back as primary and enter "config redundancy unit secondary" on WLC02 to change it as secondary.

Coule you let me know if above process is the right one to follow?

Also, in step 9, will the server need reboot to make it take effect?

Rich R · ‎05-02-2024

Like @balaji.bandi make sure you have a config backup before you start doing any of this.
Mostly I think your plan will work - just a few comments and making it much simpler:

4. No need to download the old software again - it should still be there on WLC01 in the backup partition - you just need to switch to it: "show boot" to confirm which version is in which partition then "config boot primary/backup" to tell it to boot off the old version on next reload.

There's no need to change the primary/secondary. Once you have the primary running on correct version reconnect RP ports and power cycle the primary. It should come up and sync config with secondary and then when sync is complete you can just do a "redundancy force-switchover" to switch back to running on the primary.

As @Haydn Andrews said this is essentially the same as RMA:
https://www.cisco.com/c/en/us/support/docs/interfaces-modules/wireless-services-module-2-wism2/117729-configure-wlan-00.html#anc7

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

View solution in original post

Leo Laohoo · ‎05-01-2024

If the RP port gets disconnected, how do you expect to fail over? This is not possible.

The only way is to sever all connections to the secondary unit and upgrade the firmware using the Service Port.

cxu21 · ‎05-01-2024

Hi Leo,

Because the everything is working on secodary which has lower version of firmware, we prefer to downgrade the firmware on the primary server instead of upgrade the firmware on secondary.

We can leave the RP port connection untouched.

In that case, do you think it will work?

marce1000 · ‎05-01-2024

- With such a long sequence , it is difficult to tell if everything or the path taken is completely correct also because of the origin reason not exactly down , basically it comes down to breaking HA ; make sure both controllers are OK and healthy and build HA again ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Haydn Andrews · ‎05-01-2024

Break HA
Treat it as an RMA, upgrade, drop config on it, join to SSO cluster
then use fail over commands to make the one u want primary.

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

balaji.bandi · ‎05-02-2024

check below i have documented easy step with cautious : (make sure you have backup out of the box)

https://www.balajibandi.com/?p=1808

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rich R · ‎05-02-2024

Like @balaji.bandi make sure you have a config backup before you start doing any of this.
Mostly I think your plan will work - just a few comments and making it much simpler:

4. No need to download the old software again - it should still be there on WLC01 in the backup partition - you just need to switch to it: "show boot" to confirm which version is in which partition then "config boot primary/backup" to tell it to boot off the old version on next reload.

There's no need to change the primary/secondary. Once you have the primary running on correct version reconnect RP ports and power cycle the primary. It should come up and sync config with secondary and then when sync is complete you can just do a "redundancy force-switchover" to switch back to running on the primary.

As @Haydn Andrews said this is essentially the same as RMA:
https://www.cisco.com/c/en/us/support/docs/interfaces-modules/wireless-services-module-2-wism2/117729-configure-wlan-00.html#anc7

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390