cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1065
Views
15
Helpful
5
Replies

FlexConnect 8.3 to 8.5 upgrade in SSO

Arne Bier
VIP
VIP

Hello

 

Is there any good advice when upgrading an SSO pair of 8510's from 8.3 to 8.5 ? 

There are a couple of thousand APs in Flex mode - but the Flex Groups contain APs from multiple sites - hence I am doubting that the FlexAP Upgrade will be of much benefit, since the remote sites cannot communicate with one another.

 

I have read the Release Notes and the Admin Guide and it seems to me that a standard AP pre-load would be required (and could take some time to trickle down to all the APs in remote locations).

 

I am also planning on running the TAC script that checks the flash file-system on the APs. I have run it before and I don't know if I can trust it - e.g. I have seen APs reported as Bad, then run script again, then it's good, and then run script again and it says the same AP is bad. I did the upgrade and the AP was just fine. On the other hand, a few APs that were reported as "good" went AWOL.

 

is there any danger in upgrading from 8.3.14x to 8.5.151.0 ? What precautions, other than saving the config, can be done to ensure that the upgrade goes smoothly? And any famous last words of advice for an SSO deployment?

 

regards

1 Accepted Solution

Accepted Solutions

Well from my experience and comfort, I typically will migrate a few AP’s to see how well it goes and go from there. I know the 3702’s will be a nightmare due to the double upgrade. Again, it’s safer to have that one controller that you can migrate to. The risk will be during your testing as no one can say how easy or hard it will be. The time it takes for AP’s to download, come back up, you verify all AP’s are online and clients connected depends on your workflow.
-Scott
*** Please rate helpful posts ***

View solution in original post

5 Replies 5

Scott Fella
Hall of Fame
Hall of Fame
SSO deployments are tough without another controller you can migrate AP’s to. If your not scared, you can remove the secondary and factory reset that and configure it as another controller. Run N+1 until you have all your sites upgraded then you can co figure the secondary back and get your SSO up and running. Just an option.
-Scott
*** Please rate helpful posts ***

Just to clarify. You don’t have to break SSO, just pull the secondary controller and factory reset that. Your primary will show that SSO is down but it will function. You build your other controller with the image you want, setup mobility between the two and then move AP’s or site until you are done.
-Scott
*** Please rate helpful posts ***

Hi @Scott Fella 

 

thanks for the advice. In the past we have used a loan controller to slowly migrate chunks of the APs across, while maintaining the old SSO pair until the end, and then upgrade it without APs. But in the absence of a loan WLC, the suggestion of breaking the SSO is definitely an option.

How scary should an AireOS upgrade be? I see no reason why an 8.3.143 to 8.5.151 upgrade render a controller so broken that APs can't register anywhere, and therefore stay unregistered, causing a total outage.  Kind of makes a mockery of a "highly available" solution, if you ask me. 

Well from my experience and comfort, I typically will migrate a few AP’s to see how well it goes and go from there. I know the 3702’s will be a nightmare due to the double upgrade. Again, it’s safer to have that one controller that you can migrate to. The risk will be during your testing as no one can say how easy or hard it will be. The time it takes for AP’s to download, come back up, you verify all AP’s are online and clients connected depends on your workflow.
-Scott
*** Please rate helpful posts ***

You shouldn't expect any major gotchas but make sure you've read through the release notes before you start - it's amazing how many people don't and then are surprised when they encounter something mentioned in the release notes.
Also if you're upgrading to 8.5 it should be 8.5.161.0 not 8.5.151.0 because that resolves some critical security vulnerabilties as well as other fixes.

ps: refer to Leo's reply in a previous post about how to manually download the image to 3700 APs in advance to avoid the double download and reload which you'll get with standard pre-download.

https://community.cisco.com/t5/other-wireless-mobility-subjects/ap-migration-stuck-in-downloading-status/td-p/4075419

Review Cisco Networking for a $25 gift card