01-17-2014 03:13 PM - edited 07-04-2021 11:59 PM
There is a customer who got two new 5500 WLCs for Russia, running 7.4.110 SV. per mistake one of the controllers was sent as non-LDPE capable, the other is LDPE. He wants to know if possible to enable HA SSO between these two controllers?
The only topic related I have found is this https://supportforums.cisco.com/thread/2220165
But not too much info!
Solved! Go to Solution.
01-17-2014 04:24 PM
It should work fine, just that the LDPE will not allow DTLS encryption.
Sent from Cisco Technical Support iPhone App
01-17-2014 03:18 PM
Well since you need the LDPE image for Russia, it would be a good idea to RMA that non-LDPE WLC for one that is LDPE.
Regulations might get them in trouble since Russia doesn't want the ability for a WLC to encrypt.
Sent from Cisco Technical Support iPhone App
01-17-2014 04:05 PM
I tottally agree with you, however the customer wants to take the risks, so I have to get an answer for this and maybe make it work.
01-17-2014 04:24 PM
It should work fine, just that the LDPE will not allow DTLS encryption.
Sent from Cisco Technical Support iPhone App
01-17-2014 04:49 PM
Ok, I will tell him to try it and I let you know! Thanks.
01-17-2014 07:20 PM
Yeah let me know... I have had mobility up and running between the two types.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
01-17-2014 07:51 PM
I have to agree with Scott and get the non ldpe WLC replaced. That risk is too big to want to take, as liability will also fall in the party installing the WLC
If you have to go through, make sure the LDPE is the primary
Steve
Sent from Cisco Technical Support iPhone App
01-18-2014 06:24 AM
Here is the risk your customer faces and you know they will say they didn't know!
I would just tell your customer it's not stabile and they need to RMA the unit!
Important Note for Customers in Russia
If you plan to install a Cisco Wireless LAN Controller in Russia, you must get a Paper PAK, and not download the license from Cisco.com. The DTLS Paper PAK license is for customers who purchase a controller with DTLS that is disabled due to import restrictions but have authorization from local regulators to add DTLS support after the initial purchase. Consult your local government regulations to ensure that DTLS encryption is permitted.
Sent from Cisco Technical Support iPhone App
01-21-2014 01:25 PM
though it works, It is not cisco supported, better change the WLC.
03-06-2014 04:49 AM
Hi all!
I too have this problem. I have two 5508 controllers. I have operating wlc with ldpe and new wlc for high avaliability non ldpe.
If I understand I need to replace my device at the vendor. Yes? or can I convert ldpe wlc to non ldpe.
Thanks
03-06-2014 05:15 AM
You can convert it from LDPE to non-LDPE... Here is a support doc that will provide you with the information to do this conversion. Should be pretty easy... Hope it helps:)
https://supportforums.cisco.com/docs/DOC-24920
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
03-06-2014 05:51 AM
Customer decided to use the two types on his HA cluster, HA worked fine. Thanks to all of you.
03-06-2014 05:56 AM
Thank you all for helping.))
08-22-2014 09:35 AM
SSO is working fine, but if you want to upgrade your WLC then you can not do it. You will get error (( You need disable SSO, then upgrade every WLC (LDPE and not LDPE) and then enable SSO. It is so sad
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide