cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1266
Views
10
Helpful
14
Replies

WLC 5520 HA SSO, configure CIMC ports

Clem58
Level 3
Level 3

Hello,


We have 2 WLCs 5520 in HA SSO mode.

We need to have the CIMC ports configured to be able to sometimes power on/off, reset and so on the devices, via the CIMC https web interface.

 

I have searched but I was not able to find a precise procedure to do so.

What are the exact steps to do this ? Can we do this configuration without disrupting anything ?

14 Replies 14

craig.beck
Level 1
Level 1

The CIMC ports can use DHCP to obtain an IP address. Connect them to a subnet with DHCP and check the DHCP server lease table to determine the IP obtained, then login via HTTPS and configure as required. There should be no downtime needed for this.

Thanks Craig, we want to configure static IPs on our CIMC interfaces, so I guess we can do so with imm commands.

By the way, our WLCs are on 8.2.130 code and here is the CIMC version :


BIOS Information
Vendor: Cisco Systems, Inc.
Version: C220M4.2.0.10c.0.032320160810
Release Date: 03/23/2016

 

We will upgrade the WLCs code to 8.2.170 first then 8.5.171, in a few weeks.

 

Do we need to upgrade the CIMC version too, or we can keep this one ?

Keep in mind that the CIMC provides a separate function than the 5520 itself.  It's like HP ILO, so you want to upgrade when there is any vulnerabilities that you want to remediate and or any functions that maybe is not working properly and you want to remediate that.  

-Scott
*** Please rate helpful posts ***

Thanks Scott for your answer, always your expert advices had been really relevant and helpful for me, so I really trust your expertise !

 

So according to what you said, we can keep this CICM version even if we upgrade the WLC codes as it's threated separately, correct ?

 

For HA SSO mode, we need to assign static IP on each WLC CICM interface (primary+standby), and doing this won't disrupt the WLCs at all ?

It doesn't matter if you're in HA SSO mode or not. As Scott said, the WLC and CIMC are completely separate. CIMC manages the hardware itself so you can configure the CIMC without affecting the running WLC.

 

Yes, if you're happy to use the IMM, configure a static IP from there. The CIMC will restart but no WLC connectivity will be lost.

 

If the CIMC is accessible from the wider network I'd look to upgrade it, but if it's on an isolated management network with limited access, I'd probably leave as-is if you're happy with the old-style CIMC GUI.

Just tell yourself its separate and has nothing to do with each other.  My suggestion is to always play around in the lab so you get your process down.  You could always leave it and setup a mac address reservation if you are not comfortable, but again, that is why eryone should have a lab, because you will learn in case you do something wrong, but in production, if you do something wrong, the panic sets in and then you have to figure out a work around.  In the lab, you would know the work around and be able to revert back.

-Scott
*** Please rate helpful posts ***

I totally agree with you Scott, I have a lab set, but only with virtual WLC, so no CIMC ports

I'n not here to scare you, just that from my years working on wireless, you never know.  I always put in for budget equipment for the lab, just so that I'm ready and also allows me to test.  I was never a fan of the vWLC, but the new 9800-CL is so much better, but that is for another day:).  

Changing the ip on the CIMC is pretty straight forward, but if you ever need to upgrade the CIMC, then you better read multiple guides and blogs, because you are also running SSO.  

Good luck

-Scott
*** Please rate helpful posts ***

Ok, many thanks Scott and Craig for your useful advices !

Leo Laohoo
Hall of Fame
Hall of Fame

@Clem58 wrote:

Version: C220M4.2.0.10c.0.032320160810


You might want to consider upgrading the firmware of the CIMC as well.  

WARNING

  1. CIMC upgrade will take, approximately, 55 to 75 minutes.  Per unit.  
  2. During the CIMC upgrade, the physical unit is completely off.  
  3. Cisco's documentation about how to upgrade the CIMC firmware is to be avoided because the do not contain anything useful
  4. @Rasika has knocked up a very good guide (LINK) about CIMC upgrade.

  

Thanks Leo, as this upgrade implies a WLC reboot I think we will keep the current CIMC code.

 

In fact I don't have really got if it's the WLC that will reboot or only the CIMC module.

I've now access to both CIMC interfaces for WLC1 & 2, using DHCP with a 2 IPs range, then I did access the CIMC management and set static IPs, finally I removed the DHCP scopes (and helpers).

 

Furthermore as 2.0.10c version is Flash based it has been a lot complicated to connect, I had to use an opensource browser that is not blocking flash in order to access the CIMC webadmin pages.

 

So the main thing is we can now access CIMC management interfaces, that will permit us to do the WLC fw upgrades without having someone physically on site in the datacenter. Here are the steps :

  1. Upgrade from 8.2.130 to 8.2.170 on a 1st period Window
    • Use CIMC to monitor or t-shoot
  2. Upgrade from 8.2.170 to 8.5.171 on a 2nd period Window
    • Use CIMC to monitor or t-shoot
  3. Upgrade CIMC on a 3rd period Window
    • Have someone physically on site in case of any CIMC failure and need to do action physically on site

I'll keep you posted here, when I will have finished the 3 steps !

Again thank you very much for your priceless help Leo, Craig and Scott.

Jumping in late here but a few points:

- For those saying CIMC and WLC are completely separate - that is not true.  The AireOS software communicates with the CIMC software for temp, fan speed, RAID status and other operational parameters so having compatible versions matters.  And there is an unfixed bug which causes that communication to break after an indeterminate amount of uptime (even with latest CIMC and AireOS).  WLC reload fixes it.  You'll know it's happened when the fans go to permanent full speed and AireOS can no longer display the temp sensor readings or fan speeds and show sysinfo may report RAID problems (but CIMC doesn't see any problem).  Cisco are battling to work out the cause - currently tracked on https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw56977  This also causes faults when attempting to upgrade the software because of problems accessing the disks.

- As others have pointed out already there are numerous bug fixes, security fixes (and removing insecure and unsupported Adobe flash) which mean CIMC needs to be upgraded if your organisation cares about security compliance at the very least.

- the imm commands cannot be used to configure standby WLC in SSO pair on earlier versions of AireOS.  You should always configure CIMC using imm before you join the SSO pair or use the DHCP workaround which you used: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf57867

- Always read the release notes for recommended version of CIMC - that's what Cisco have tested the code with and anything else is  'unsupported' - meaning at your own risk.  I highlighted a while back that they were not updating recommended CIMC in line with Cisco's own PSIRT notices - but that seems to be fixed now in the latest release notes: https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn85mr7.html#cimc-upgrade - some fairly serious bugs in older CIMC code which are fixed in the updates.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: