SSO disabled, nr2 chasses hiding.

David Ritter · ‎07-15-2024

Hi, It became necessary to turn off SSO on my 5520 stack inorder to toggle NAT on/off, due to apparent bug in 8.10.196 code that presents the outside IP address as a reply target to all AP's requesting link. Since the 'inside' ap's can not reach the outside ip, they fail to attach. OEAP's (outside) have no issue. By turning off NAT, the inside AP's reattach as needed/expected.

So as SSO is turned off, there is not a viable chassis, fully configured, just needing an IP change and it can become the new OEAP support machine with the previous chassis supporting the interior AP's, with no NAT.

Or so I thought. Seems that chassis 2 is in stealth mode. only CMIC is alive. the Service port does not ping and it should be alive and well CLI and GUI. Do I need to reboot chassis 2 with the trunk disabled?

marce1000 · ‎07-15-2024

- Your requirements are a bit confusing ; in a first approach if SSO is needed I would for instance power down the standby controller 'to have a clear picture' ; you may want to elaborate if needed

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

David Ritter · ‎07-15-2024

lol, SSO is not required.. when is the last time a c220 actually died?

Any way inorder to toggle NAT on/off SSO must be disabled.

So I'm thinking of simply using the second box in solo production for NAT'd OEAP support.

having simply placed the stack in SSO Disable mode, I expected the service port to remain active and I could re-address the management address and redirect the NAT to the new IP.. thus moving my 130 OEAP's to the fresh chassis.

So do I have to shut down the port channel (as chassis 2 management Ip be same as chassis 1) and reboot the chassis to re-enable the service port? I'm not used to having the SP shut down. airos 8.10.196.0

Rich R · ‎07-16-2024

I expect you would have to make sure redundancy is disabled, shut down the interfaces, correct any IP addressing and then reboot.

The other thing to beware of - do you have licenses for the second WLC? If it was running on the HA SKU before then you'll need to buy and install the correct licenses.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

David Ritter · ‎07-17-2024

the C220's were purchased as standalone so base licensing might be RTU. Still leaves me wondering why the SP is non-responsive.

Rich R · ‎07-18-2024

The routing config is not part of the shared SSO config, it's configured for each chassis separately so make sure you have the routes configured on that chassis.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs