Solved: SSO setup failure in cisco WLC

chandogetrude · ‎06-10-2017

We have implemented a scenario in which WLC management Interface is in vlan 1 subnet but when we tag management Interface with vlan 1 we cannot reach the WLC management IP. The WLC is connected to 4506-e VSS chasis trunk ports.

When we untag the management interface i.e VLAN ID=0 we can reach the WLC but cannot configure SSO redundancy getting Error “please configure redundancy management vlan before enabling redundancy”

Please advise can we achieve the SSO setup in the said scenario

The firmware version in two WLC is 8.2.141.0

Prateek Saxena · ‎06-12-2017

From 8.0 code it is mandatory to tag the management vlan. From the output you have provided you have management untagged:

management LAG untagged 10.149.80.250 Static Yes No

you need to provide a vlan id there. If you have vlan 1 as native vlan on the switch trunk link, make any other vlan as native and tag the management vlan with id 1 using the command "config interface vlan management 1"

View solution in original post

Leo Laohoo · ‎06-10-2017

Post the output to the following commands:

WLC: sh sysinfo;
WLC: sh lag summary; and
WLC: sh interface summary
Switch: sh interface <TRUNK>; and
Switch: sh etherchannel summary

Note: While this entire setup is still in shambles, please have a good think about using VLAN 1.

chandogetrude · ‎06-12-2017

1.(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.3.112.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
OUI File Update Time............................. Sun Sep 07 10:44:07 IST 2014

Build Type....................................... DATA + WPS

System Name...................................... Deloitte TZ WLC
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.149.80.250
IPv6 Address..................................... ::
Last Reset....................................... Power on reset
System Up Time................................... 0 days 2 hrs 48 mins 14 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5

--More-- or (q)uit
System Stats Normal Interval..................... 180

Configured Country............................... KN - Kenya
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +43 C
External Temperature............................. +29 C
Fan Status....................................... OK

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 3
Number of Active Clients......................... 195

OUI Classification Failure Count................. 0

Burned-in MAC Address............................ 2C:54:2D:72:BB:80
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, Power Off, Fan On
Maximum number of APs supported.................. 500
System Nas-Id....................................
WLC MIC Certificate Types........................ SHA1

2.

(Cisco Controller) >show lag summary

LAG Enabled

3.

(Cisco Controller) >show interface summary

Number of Interfaces.......................... 12

Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
floor2a LAG 10 10.149.81.3 Dynamic No No
floor2b LAG 20 10.149.81.130 Dynamic No No
floor3a LAG 30 10.149.82.3 Dynamic No No
floor3b LAG 40 10.149.82.130 Dynamic No No
guest workstation LAG 200 192.168.210.3 Dynamic No No
management LAG untagged 10.149.80.250 Static Yes No
redundancy-management LAG untagged 10.149.80.252 Static No No
redundancy-port - untagged 169.254.80.252 Static No No
mobilednet LAG 201 192.168.210.130 Dynamic No No
service-port N/A N/A 192.168.101.10 Static No No
virtual N/A N/A 1.1.1.1 Static No No
wiressdnet LAG 50 10.149.84.3 Dynamic No No

4.

CORE-SW#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Gi1/2/5 on 802.1q trunking 1
Gi1/2/19 auto 802.1q trunking 1
Gi2/2/5 on 802.1q trunking 1
Gi2/2/19 auto 802.1q trunking 1
Po1 on 802.1q trunking 1
Po2 on 802.1q trunking 1
Po3 on 802.1q trunking 1
Po4 on 802.1q trunking 1
Po6 on 802.1q trunking 1
Po7 on 802.1q trunking 1
Po8 on 802.1q trunking 1
Po9 auto 802.1q trunking 1
Po10 on 802.1q trunking 1
Po11 on 802.1q trunking 1
Po15 on 802.1q trunking 1
Po17 on 802.1q trunking 1
Po18 on 802.1q trunking 1
Po20 on 802.1q trunking 1
Po21 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi1/2/5 1-4094
Gi1/2/19 1-4094
Gi2/2/5 1-4094
Gi2/2/19 1-4094
Po1 1-4094
Po2 1-4094
Po3 1-4094
Po4 1-4094
Po6 1-4094
Po7 1-4094
Po8 1-4094
Po9 1-4094
Po10 1-4094
Po11 1-4094
Po15 1-4094
Po17 1-4094
Po18 1-4094
Po20 1-4094
Po21 1-4094

Port Vlans allowed and active in management domain
Gi1/2/5 1-7,10,20,30,40,50,60,100,200-202,500

Port Vlans allowed and active in management domain
Gi1/2/19 1-7,10,20,30,40,50,60,100,200-202,500
Gi2/2/5 1-7,10,20,30,40,50,60,100,200-202,500
Gi2/2/19 1-7,10,20,30,40,50,60,100,200-202,500
Po1 1-7,10,20,30,40,50,60,100,200-202,500
Po2 1-7,10,20,30,40,50,60,100,200-202,500
Po3 1-7,10,20,30,40,50,60,100,200-202,500
Po4 1-7,10,20,30,40,50,60,100,200-202,500
Po6 1-7,10,20,30,40,50,60,100,200-202,500
Po7 1-7,10,20,30,40,50,60,100,200-202,500
Po8 1-7,10,20,30,40,50,60,100,200-202,500
Po9 1-7,10,20,30,40,50,60,100,200-202,500
Po10 1-7,10,20,30,40,50,60,100,200-202,500
Po11 1-7,10,20,30,40,50,60,100,200-202,500
Po15 1-7,10,20,30,40,50,60,100,200-202,500
Po17 1-7,10,20,30,40,50,60,100,200-202,500
Po18 1-7,10,20,30,40,50,60,100,200-202,500
Po20 1-7,10,20,30,40,50,60,100,200-202,500
Po21 1-7,10,20,30,40,50,60,100,200-202,500

Port Vlans in spanning tree forwarding state and not pruned
Gi1/2/5 1-7,10,20,30,40,50,60,100,200-202,500
Gi1/2/19 1-7,10,20,30,40,50,60,100,200-202,500
Gi2/2/5 1-7,10,20,30,40,50,60,100,200-202,500
Gi2/2/19 1-7,10,20,30,40,50,60,100,200-202,500
Po1 1-7,10,20,30,40,50,60,100,200-202,500
Po2 1-7,10,20,30,40,50,60,100,200-202,500
Po3 1-7,10,20,30,40,50,60,100,200-202,500
Po4 1-7,10,20,30,40,50,60,100,200-202,500
Po6 1-7,10,20,30,40,50,60,100,200-202,500
Po7 1-7,10,20,30,40,50,60,100,200-202,500
Po8 1-7,10,20,30,40,50,60,100,200-202,500
Po9 1-7,10,20,30,40,50,60,100,200-202,500
Po10 none
Po11 1-7,10,20,30,40,50,60,100,200-202,500
Po15 1-7,10,20,30,40,50,60,100,200-202,500
Po17 1-7,10,20,30,40,50,60,100,200-202,500
Po18 1-7,10,20,30,40,50,60,100,200-202,500
Po20 none
Po21 1-7,10,20,30,40,50,60,100,200-202,500
CORE-SW#

5.

CORE-SW#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 20
Number of aggregators: 20

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) PAgP Gi1/2/1(P) Gi2/2/1(P)
2 Po2(SU) PAgP Gi1/2/2(P) Gi2/2/2(P)
3 Po3(SU) PAgP Gi1/2/3(P) Gi2/2/3(P)
4 Po4(SU) PAgP Gi1/2/4(P) Gi2/2/4(P)
5 Po5(SD) PAgP Gi1/2/5(I) Gi2/2/5(I)
6 Po6(SU) PAgP Gi1/2/6(P) Gi2/2/6(P)
7 Po7(SU) PAgP Gi1/2/7(P) Gi2/2/7(P)
8 Po8(SU) - Te1/1/3(P) Te2/1/3(P)
9 Po9(SU) - Te1/1/4(D) Te2/1/4(P)
10 Po10(SU) - Te1/1/1(D) Te1/1/2(P)
11 Po11(SU) - Gi1/2/11(P) Gi2/2/11(P)
12 Po12(SD) - Gi1/2/12(D) Gi2/2/12(D)
13 Po13(SU) - Gi1/2/13(P) Gi2/2/13(P)
14 Po14(SU) - Gi1/2/14(P) Gi2/2/14(P)
15 Po15(SU) - Gi1/2/15(P) Gi2/2/15(P)
17 Po17(SU) PAgP Gi1/2/17(P) Gi2/2/17(P)
18 Po18(SU) - Gi1/2/10(P) Gi2/2/10(P)
19 Po19(SD) PAgP Gi1/2/18(D) Gi2/2/18(D)
20 Po20(SU) - Te2/1/1(D) Te2/1/2(P)
21 Po21(SU) PAgP Gi1/2/9(P) Gi2/2/9(P)

chandogetrude · ‎06-12-2017

Note:WLC is connected on portchannel 11

Leo Laohoo · ‎06-12-2017

Bootloader Version............................... 1.0.1

Kindly read Prateek's response (above).

And please upgrade the bootloader to 1.9.0 (recommended).

Scott Fella · ‎06-10-2017

Like Leo mentioned you should look at using another vlan. However, if you really need to tag vlan 1, then you need to issues this command on the switch:

vlan dot1q tag native

This will tag vlan 1 or any of your native vlans you defined on the switch. Make sure you don't break any uplinks when doing this.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

Prateek Saxena · ‎06-12-2017

From 8.0 code it is mandatory to tag the management vlan. From the output you have provided you have management untagged:

management LAG untagged 10.149.80.250 Static Yes No

you need to provide a vlan id there. If you have vlan 1 as native vlan on the switch trunk link, make any other vlan as native and tag the management vlan with id 1 using the command "config interface vlan management 1"

manvik · ‎12-16-2021

Thanks, we too had same scenario with VLAN 1, for the SW int gave some other VLAN as native and added VLAN 1 in trunk list.

Note, when you enable SSO in WLC, your WLAN interfaces would get changed to management. You'll have to change it to SSID interface, else you might not get connected.