Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
549
Views
0
Helpful
3
Replies

Cisco WLC 2504 HA issue

bond_it149
Level 1
Level 1

‎07-11-2017 06:15 AM - edited ‎07-05-2021 07:19 AM

Hello everyone,

I have a weird issue with the 2504 controller. 

I have a primary and backup controller. They are both configured with the same settings (different IP addresses for management interface and 2 other vlans that i have configured) I have followed multiple guides on configuring HA on 2504 from multiple sources and nothings seems to work.

Below is a short summary of the configuration and whats happening:

1) Both controllers are configured with LAG connected to 2x 48 port 2960x switch

2) Each switch is configured with port-channel group (etherchannel mode on i know no LACP is supported on WLC 2504)

3) Each controller is connected to a LAG on a different switch with specific VLANs permitted on the trunk

4) When the primary controller is on, clients cannot get an ip address and those who are getting connected are getting slow speeds, random disconnections and are unable to get an ip address after they are waking up from from sleep mode

5) When the backup controller is on, clients are getting connected in 2 seconds or less and no issues at all for the past 3 weeks

6) I worked with TAC and they sent me a replacement controller. Same issue happened with the replacement controller.

7) We have 4x 2802i APs and 1x 1702i AP. All APs are getting their power from a POE+ ports on the switches

FUS is the latest on both controllers and firmware version is the same as well (8.2.151)

Again, both controllers are configured in the same way, switch configuration is configured in the same way. 

I tried to debug clients and on the primary controllers i see that clients are getting credentials are wrong error but they are not getting it when the backup controller is on.

Any advice would be appreciated. 

Labels:
0 Helpful
3 Replies 3

patoberli
VIP Alumni
VIP Alumni

‎07-11-2017 07:40 AM

Basic question, but you ensured that the port-channel on the switch for controller1 is correct and you aren't using the same channel for both controllers?

0 Helpful

bond_it149
Level 1
Level 1
In response to patoberli

‎07-11-2017 08:32 AM

I did. 

On SW1 the primary controller is connected to port-channel 3 and on SW2 the backup controller is connected to port-channel 5

The connection between these 2 switches is LACP permitting vlans for our network.

I tried to connect both controllers to both switches and only the backup controller is working properly. 

I dont think its a firewall issue (we are using PFsense) since i currently have (i know i know) permit any any on the management interface.

The routing on the network is being done via the firewall (for now we dont have L3 switches in the network)

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to bond_it149

‎07-11-2017 10:42 PM

So, even if you exchange the two WLCs and connect them to the same ports as where the other one was plugged in, still only the backup is running?

I'm not sure if your firewall doesn't like the change of the mac-address of the WLC when the failover happens. Can you do a capture on the inside and outside interface of the firewall, to see if the client traffic arrives and passes through the firewall?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card