WLC 8510 AP SSO Failure

JPavonM · ‎05-12-2015

We have both controller with AireOS release 8.0 and we are facing issues as after building the HA, the APs are unable to join.

We have tagged management interface into the controller and the VLAN is tagged in the TenGigaEth interface in the distribution switch as required after release 8.0 but HA port is in access mode in distribution switch. HA is working fine as shows by the "show redundancy summary" command but the "debug capwap event" shows the APs sending and receiving capwap events but they are not joining.

Through ARP we have the management IP through HA port so maybe this is the issue. Should we need to configure "config redundancy management-gateway-failover disable" to solve this?

In parallel, we have missed the web interface and the controller is only reacheable through SSH.

Any suggestion?

Finn Rud Laursen · ‎05-13-2015

Its not as simple as bad time on the WLC?

Try to "kill" the uplink to the secondary WLC. I looks like you might be in active/active state.

JPavonM · ‎05-27-2015

The issue is fixed but it has to be a joke. After the TAC engineer conversation, the issue was related with the ip address assigned to the service port and the management interface as these has to have difference in the first octect. Incredible.

Why Cisco does not refer to that in deployment documentation??

Finn Rud Laursen · ‎05-27-2015

They actually do:

Caution Do not configure wired clients in the same VLAN or subnet of the service port on the network. If you configure wired clients on the same subnet or VLAN as the service port, you will not be able to access the management interface.

But I agree... Its a mess. When assigning the IP address on the service-port it would be nice to see a pop-up. "Please use a special IP addresses on this interface..."