Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
879
Views
0
Helpful
2
Replies

HA AP SSO WLC Web Mgm not working

rparrat666
Level 1
Level 1

‎06-27-2013 09:38 AM - edited ‎07-04-2021 12:18 AM

Hi Experts,

I just implemented HA on a pair of WLC 5508, both with valid AP licensees (500 one od them and 50 the other). The HA AP SSO configuration is working properly, and after forcing the switch-over, the secondary WLC comes up and everything still working fine (the switch-over comes really clean), but we are facing a hard problem.

If you are connected (directly to the switch) in another VLAN rather than the admin VLAN, even if clients keep connected and can reach all destinations without any problem (you can even ping the WLC mgm ip 10.46.27.150), you cannot connect to the WLC via telnet, ssh or web, when the secondary WLC is working due to the switch-over. After switching-over to the primary again, you can connect without problems to the WLC again even from other subnets.

You can connect shh, telnet or web from other subnets at anytime when the primary WLC is working

We have a switch with two vlans:

VLAN 24 – normal users

VLAN 50 – wireless devices and users, we are using the port connected to the WLC as access cause we only want one SSID for all wireless users.

WLC ip: 10.46.27.150

Scenario A

When connected to the vlan 24, and the primary WLC, you can connect via https, ssh or telnet.

When connected to the vlan 50, and the primary WLC, you can connect via https, ssh or telnet.

Scenario B

When connected to the vlan 24 and secondary WLC is working due to failover, you cannot connect via SSH, https or telnet, but you can still ping the mgm ip 10.46.27.150.

When connected to the vlan 50, and the primary WLC, you can connect via https, ssh or telnet.

Two facts to have in mind:

I have no service port configured. I don’t know if its necessary to have it configured to entered the WLC form other subnets, but I don’t think this is important cause you can ping the mgm ip at anytime.

The port form the SW to the WLC is acces cause I’m only using one SSID.

I’m adding to .ppt documents:

  • WLC1.ppt when the primary WLC is working.
  • WLC2.ppt when the seconday WLC is working due to failover of the primary (notice that the WLC1 is up but the secondary retains the master role).

Thanks

Labels:
Preview file
1052 KB
Preview file
647 KB
0 Helpful
2 Replies 2

rparrat666
Level 1
Level 1

‎06-27-2013 09:49 AM

After a few test, I notice form the WLC gui you cannot ping other subset when we have the problem

0 Helpful

rparrat666
Level 1
Level 1

‎08-28-2014 03:01 PM

The problem was a bug, use version 7.4.121 or greater, better use 7.6

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card