We have 2 WLCs 5520 in HA SSO mode.
We need to have the CIMC ports configured to be able to sometimes power on/off, reset and so on the devices, via the CIMC https web interface.
I have searched but I was not able to find a precise procedure to do so.
What are the exact steps to do this ? Can we do this configuration without disrupting anything ?
The CIMC ports can use DHCP to obtain an IP address. Connect them to a subnet with DHCP and check the DHCP server lease table to determine the IP obtained, then login via HTTPS and configure as required. There should be no downtime needed for this.
Thanks Craig, we want to configure static IPs on our CIMC interfaces, so I guess we can do so with imm commands.
By the way, our WLCs are on 8.2.130 code and here is the CIMC version :
Vendor: Cisco Systems, Inc.
Release Date: 03/23/2016
We will upgrade the WLCs code to 8.2.170 first then 8.5.171, in a few weeks.
Do we need to upgrade the CIMC version too, or we can keep this one ?
Keep in mind that the CIMC provides a separate function than the 5520 itself. It's like HP ILO, so you want to upgrade when there is any vulnerabilities that you want to remediate and or any functions that maybe is not working properly and you want to remediate that.
Thanks Scott for your answer, always your expert advices had been really relevant and helpful for me, so I really trust your expertise !
So according to what you said, we can keep this CICM version even if we upgrade the WLC codes as it's threated separately, correct ?
For HA SSO mode, we need to assign static IP on each WLC CICM interface (primary+standby), and doing this won't disrupt the WLCs at all ?
It doesn't matter if you're in HA SSO mode or not. As Scott said, the WLC and CIMC are completely separate. CIMC manages the hardware itself so you can configure the CIMC without affecting the running WLC.
Yes, if you're happy to use the IMM, configure a static IP from there. The CIMC will restart but no WLC connectivity will be lost.
If the CIMC is accessible from the wider network I'd look to upgrade it, but if it's on an isolated management network with limited access, I'd probably leave as-is if you're happy with the old-style CIMC GUI.
Just tell yourself its separate and has nothing to do with each other. My suggestion is to always play around in the lab so you get your process down. You could always leave it and setup a mac address reservation if you are not comfortable, but again, that is why eryone should have a lab, because you will learn in case you do something wrong, but in production, if you do something wrong, the panic sets in and then you have to figure out a work around. In the lab, you would know the work around and be able to revert back.
I'n not here to scare you, just that from my years working on wireless, you never know. I always put in for budget equipment for the lab, just so that I'm ready and also allows me to test. I was never a fan of the vWLC, but the new 9800-CL is so much better, but that is for another day:).
Changing the ip on the CIMC is pretty straight forward, but if you ever need to upgrade the CIMC, then you better read multiple guides and blogs, because you are also running SSO.
You might want to consider upgrading the firmware of the CIMC as well.
Thanks Leo, as this upgrade implies a WLC reboot I think we will keep the current CIMC code.
In fact I don't have really got if it's the WLC that will reboot or only the CIMC module.
I've now access to both CIMC interfaces for WLC1 & 2, using DHCP with a 2 IPs range, then I did access the CIMC management and set static IPs, finally I removed the DHCP scopes (and helpers).
Furthermore as 2.0.10c version is Flash based it has been a lot complicated to connect, I had to use an opensource browser that is not blocking flash in order to access the CIMC webadmin pages.
So the main thing is we can now access CIMC management interfaces, that will permit us to do the WLC fw upgrades without having someone physically on site in the datacenter. Here are the steps :
I'll keep you posted here, when I will have finished the 3 steps !
Again thank you very much for your priceless help Leo, Craig and Scott.
Jumping in late here but a few points:
- For those saying CIMC and WLC are completely separate - that is not true. The AireOS software communicates with the CIMC software for temp, fan speed, RAID status and other operational parameters so having compatible versions matters. And there is an unfixed bug which causes that communication to break after an indeterminate amount of uptime (even with latest CIMC and AireOS). WLC reload fixes it. You'll know it's happened when the fans go to permanent full speed and AireOS can no longer display the temp sensor readings or fan speeds and show sysinfo may report RAID problems (but CIMC doesn't see any problem). Cisco are battling to work out the cause - currently tracked on https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw56977 This also causes faults when attempting to upgrade the software because of problems accessing the disks.
- As others have pointed out already there are numerous bug fixes, security fixes (and removing insecure and unsupported Adobe flash) which mean CIMC needs to be upgraded if your organisation cares about security compliance at the very least.
- the imm commands cannot be used to configure standby WLC in SSO pair on earlier versions of AireOS. You should always configure CIMC using imm before you join the SSO pair or use the DHCP workaround which you used: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf57867
- Always read the release notes for recommended version of CIMC - that's what Cisco have tested the code with and anything else is 'unsupported' - meaning at your own risk. I highlighted a while back that they were not updating recommended CIMC in line with Cisco's own PSIRT notices - but that seems to be fixed now in the latest release notes: https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn85mr7.html#cimc-upgrade - some fairly serious bugs in older CIMC code which are fixed in the updates.