cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5884
Views
106
Helpful
14
Replies

WLC 9800 Service Port operation in SSO HA

Hi wireless ninjas :0)

is it possible to have different IP-addressing on the Service Ports on C9800-L nodes running SSO HA?

1 Accepted Solution

Accepted Solutions

I have kept SP on DHCP & reserve different IP address based on its MAC address.

Code perspective TAC recommendation is to stay with 16.12.4x rather 17.3.x. There should not be major differences other than new features in 17.3.x

There are some changes in HA-SSO, so pay attention

https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/9800/17-1/deployment-guide/c9800-ha-sso-deployment-guide-rel-17-1.pdf 

 

Here is the updated document for 17.3.2

https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/9800/17-3/deployment-guide/c9800-ha-sso-deployment-guide-rel-17-3.pdf 

 

 

HTH

Rasika

 

View solution in original post

14 Replies 14

Scott Fella
Hall of Fame
Hall of Fame
What are you trying to achieve. In SSO, the active only can be used, even to gather info from the secondary. I use console for both, but you can’t run many commands on the secondary. I don’t see a need to have this, it’s like in AireOS, you can’t have the service port connected to the network if that vlan has access to the management. It’s typically to have the service port with the same ip in case you are troubleshooting, you just connect to one ip and then move the cable to the other.
-Scott
*** Please rate helpful posts ***

Hi Scott

i highly appreciate your input. I need different IP on standby unit  for even poor diagnosis similar to one u have via console. Sorry, but from your response it's still not clear is subject possible or not. Could u pls clarify? Unfortunately i cannot test it w/o hw on hands.

 

P.S> u know in the real life we often meet extraordinary situations were we need a little bit more diagnosis than provided by default.

You can set the service port as the service port is on the same vrf as the management, so prior to SSO, you would define that. Service port is out of band management, may question is, what do you plan to do with it since it limited to any show commands, just like console and ssh on the standby. The function of the 9800’s is different from AireOS, so don’t think its the same as the two are different.
-Scott
*** Please rate helpful posts ***

@least i'll be able to see it's alive & still standby in extraordinary case.

By the way, the standby doesn’t allow for any commands. You will receive and error "Standby console disabled"
-Scott
*** Please rate helpful posts ***

Console access on standby needs to be explicitly enabled using this command from the active WLC:
9800(config)#redundancy
9800(config-red)# main-cpu
9800(config-r-mc)#standby console enable

Good to know!  Thanks for sharing.

-Scott
*** Please rate helpful posts ***

Hello Scott Fella,

I know its outdated - but simply need to Ping the standby, to be noticed if it fails in background without configuring snmp or syslogs or reviewing the active WLC to be sure it is still in Hot Standby.

Carsten

I would say you can configure it.

In my case, I have a 9880 HA pair. I have configured out of band management IP for the service port

x.x.32.251 (WLC1-SP)

x.x.32.252 (WLC2-SP)

 

In-band-management will be y.y.y.250 as VIP and .251 & .252 as RMI.

 

You cannot access the standby controller using its service port (you can only access active WLC service port via network). You have to use RMI IP if you want to access the standby WLC

 

HTH

Rasika

*** Pls rate all useful responses ***

Hi Rasika.

tons of tnx for response. so, u only can ping SP IP on the stdby unit from its local VLAN?

& u r probably running  something >= Amster 17.1 on it, right? is it production deployment? how stable is it?

I haven't able to test (since WFH for a long time now) it what is the behaviour accessing standby Unit if I am on local VLAN.

 

I am with 17.3.2a and its the first 9800 deployments in my campus environment. We went with it in two new buildings and not yet fully production, I have to say, it is a bit challenging until you familiar with new config model & familiar with troubleshooting 9800. There are lot of cool things in 9800 though (easy to take pcap, radioactive traces,etc)

 

HTH

Rasika

i guess there r no a lot of challenges comparing 17.3.2a to 16.12.*? & one more Q pls: how did u achieve different IP addresses on the SPs? does standby simply keep it after joining to SSO HA?

I have kept SP on DHCP & reserve different IP address based on its MAC address.

Code perspective TAC recommendation is to stay with 16.12.4x rather 17.3.x. There should not be major differences other than new features in 17.3.x

There are some changes in HA-SSO, so pay attention

https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/9800/17-1/deployment-guide/c9800-ha-sso-deployment-guide-rel-17-1.pdf 

 

Here is the updated document for 17.3.2

https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/9800/17-3/deployment-guide/c9800-ha-sso-deployment-guide-rel-17-3.pdf 

 

 

HTH

Rasika

 

short update from 1st HA SSO w/ C9800-l-f:

as it was predicted configuring "ip addr dhcp" on G0 within VRF Mgmt makes a trick (w/ standby-console enabled).

But in HA SSO standby's G0 got disconnected. Effectively leaving deployment w/ single SP port active. One can use for CLI'ing/GUI'ing to deployment as WMI interface. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: