HA issues in WLC9800 RMI comm failure on RP port

tpiciscouser · ‎08-31-2022

Hi Cisco Family,

I am having a lot of issues having HA formation on WLC 9800 - CL V 17.3.4c Amsterdam.

It was working when both VMs were on the same hypervisor , but when we migrated the Primary to the Active DC , Since then i could not get HA bacK.

Topology is DC1 (WLC1 on Storage) - DELL Storage Switch - Core Nexus 9K in DC1 - Inter DC Link 0 Core Nexus 9K in DC2 - DC 2 DEll Storage Switch - (WLC2) on Storage Server.

VM configs

////////////
We are using the below Setup

Vlan 901 - WMI

VLqn 706 - OOB

Vlan 949 - Guest

Vlan 950 - Guest

VLan 855 - Dedicated Layer 2 for Heartbeat

NiC 1 - OOB - VLAN 706

Nic 2 - Trunk for Vlan 901, 949 and 950 (All Vlans allowed and not pruned)

Nic 3 - Vlan 855

WLC Configuration

Int Gig1 on WLC is made access port for OOB Vlan 706

Int Gig 2 is Trunk to allows VLAN 901, 949 and 950

int Gig3 is for HA and Vlan 855 is made access vlan on it.

Earlier i found Promiscous mode = accept and Forged transmit = Accept have to be setup on All Three Gigs, as i was missing on GIg 3, so i can now confirm Layer 2 COmms is up but still HA is not establising,

ip route 0.0.0.0 0.0.0.0 is through VLan 901 gateway which is same as RMI + RP subnet
WHat is wrong with my Setup?

marce1000 · ‎08-31-2022

- Review the 9800 - CL configuration with the CLI command : show tech wireless , have the output analyzed by https://cway.cisco.com/tools/WirelessAnalyzer/ , please note do not use classical show tech-support (short version) , use the command denoted in green for Wireless Analyzer. Checkout all advisories!

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Arshad Safrulla · ‎08-31-2022

You need to configure the default gateway. Make sure that the RMI Gateway reachable from both WLC's.

management gateway-failover enable

ip default-gateway X.X.X.X

Please refer the below document for HA configuration. It is similar to physical WLC's.

Configure Catalyst 9800 Wireless Controllers in High Availability (HA) Client Stateful Switch Over (SSO) in IOS-XE 16.12 - Cisco

Cisco Catalyst 9800-CL Wireless Controller for Cloud Deployment Guide - Cisco

High Availability SSO Deployment Guide for Cisco Catalyst 9800 Series Wireless Controllers, Cisco IOS XE Amsterdam 17.1

Also post the redundancy configuration from both WLC's (sanitized) along with the output for the below

show chassis

show redundancy

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

tpiciscouser · ‎09-01-2022

Hi @Arshad Safrulla I have given he ip default-gateway command and also ip route 0.0.0.0 0.0.0.0 to the gateway where RMI Ip is located.

outputs as below

WLC9800CL-01#sh redundancy
Redundant System Information :
------------------------------
Available system uptime = 14 minutes
Switchovers system experienced = 0
Standby failures = 0
Last switchover reason = none

Hardware Mode = Simplex
Configured Redundancy Mode = sso
Operating Redundancy Mode = Non-redundant
Maintenance Mode = Disabled
Communications = Down Reason: Failure

Current Processor Information :
-------------------------------
Active Location = slot 1
Current Software state = ACTIVE
Uptime in current state = 14 minutes
Image Version = Cisco IOS Software [Amsterdam], C9800-CL Software (C9800-CL-K9_IOSXE), Version 17.3.4c, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Wed 10-Nov-21 11:54 by mcpre
BOOT =
CONFIG_FILE =
Configuration register = 0x102
Recovery mode = Not Applicable

Peer (slot: 0) information is not available because it is in 'DISABLED' state

WLC9800CL-01#sh chassis
Chassis/Stack Mac Address : 0050.5696.b595 - Local Mac Address
Mac persistency wait time: Indefinite
H/W Current
Chassis# Role Mac Address Priority Version State IP
-------------------------------------------------------------------------------------
*1 Active 0050.5696.b595 2 V02 Ready 169.254.16.202
2 Member 0050.5696.94f4 1 V02 Initializing 169.254.16.203

The Standby Just stays in this Initialization state and it boots in standalone only when we break HA .

Let me know what details are needed to understand the issue please , i have been struggling for around 2 weeks , Cisco CAnt figure as yet

Arshad Safrulla · ‎09-01-2022

Did you restart the second WLC after configuring HA?
I haven't deployed WLC's myself in multi DC network, I completely depend on my computing team for an Hypervisor based deployment. In my LAB's I have tested when both WLC's are in the same ESXI host and also 2 ESXI instances running in the same server with great results. So I doubt this has to do something with the Hypervisor switch level. I would appreciate if you could check the Hypervisor level vswitch configuration and also make sure that the redundancy requirements for RP interface is well within the recommended range.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

tpiciscouser · ‎09-01-2022

Hi @Arshad Safrulla Yeah i did reboot both WLCs few times, and it was working perfectly when in the same Datacenter but since moved to Different DCs started having issues,

hope you can replicate and check at your end if it works

THanks

Arshad Safrulla · ‎09-02-2022

Is all the VLAN's allowed over the DCI links? If BGP EVPN/ACI being used for multi site connectivity check the relevant configuration.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Rich R · ‎09-02-2022

Do Cisco support running HA-SSO between DCs like that?
It's really designed for back to back setup but the requirement suggest it might work if you have the correct L2 connectivity between them: Maximum RP link latency = 80 ms RTT, minimum bandwidth = 60 Mbps and minimum MTU = 1500
We only use SSO for co-located WLCs with AP pri/sec for WLCs in different DCs.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

tpiciscouser · ‎09-03-2022

I have raised with Cisco so many times but they never denied that it should not work and always provided this metric and deployment Guide so i assume it should be working on Multi DC enviornment

marce1000 · ‎09-03-2022

- Define raised : meaning you should get either a go or no go reply on
this topic through TAC.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '