
WLC C9800-L-C-K9 not doing SSO switchover with RMI+RP

jose.franco
Level 1

Hello friends, I hope you are all very well.

 

I'm having trouble with the RMI+RP configuration on a C9800-L-C-K9 cluster. I configured the following parameters:

 

CHASSIS_HA_LOCAL_IP = 169.254.119.205
CHASSIS_HA_REMOTE_IP = 169.254.119.206
CHASSIS_HA_LOCAL_MASK = 255.255.255.0

RMI_INTERFACE_NAME = Vlan302
RMI_CHASSIS_LOCAL_IP = 10.220.119.205
RMI_CHASSIS_REMOTE_IP = 10.220.119.206

 

WLC01#show redundancy states
my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit = Primary
Unit ID = 1

Redundancy Mode (Operational) = sso
Redundancy Mode (Configured) = sso
Redundancy State = sso
Maintenance Mode = Disabled
Manual Swact = enabled
Communications = Up

client count = 149
client_notification_TMR = 30000 milliseconds
RF debug mask = 0x0
Gateway Monitoring = Enabled
Gateway monitoring interval = 6 secs

 

The devices are connected via PortChannel to a C3560G, Active WLC (Two0/0/1-2 -> Gi0/3 - 4 **PortChannel 1) and StandBy (Two0/0/1-2 -> Gi0/5 - 6 **PortChannel 2) for an HA test. The main problem comes when I perform a shutdown on Po1. It's expected that, due to loss of connectivity to the default gateway (which is configured on the test switch, I will add some data in the next section), the WLC would perform a switchover to maintain connectivity to the DG, but it is not happening:

 

Switch:

interface Vlan302
description *** Wireless Network ***
ip address 10.220.119.222 255.255.255.224

 

Core01#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port


Number of channel-groups in use: 2
Number of aggregators: 2

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) - Gi0/3(P) Gi0/4(P)
2 Po2(SU) - Gi0/5(P) Gi0/6(P)

 

Active WLC:

WLC01#show run | inc default
ip default-gateway 10.220.119.222

 

WLC01#ping 10.220.119.222
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.220.119.222, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/2 ms
SPC-OT-RG1-WLC01#

 

Once Po1 is down, the WLC logs the link failure and the RMI link down is received, but there is no switchover to the standby WLC.

 

SPC-OT-RG1-WLC01#
*Mar 28 18:51:47.301: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to down
*Mar 28 18:51:48.298: %LINK-3-UPDOWN: Interface TwoGigabitEthernet0/0/1, changed state to down
*Mar 28 18:51:48.300: %LINK-3-UPDOWN: Interface TwoGigabitEthernet0/0/2, changed state to down
*Mar 28 18:51:48.302: %LINK-3-UPDOWN: Interface Vlan302, changed state to down
*Mar 28 18:51:48.303: %LINK-3-UPDOWN: Interface Port-channel1, changed state to down
*Mar 28 18:51:49.298: %LINEPROTO-5-UPDOWN: Line protocol on Interface TwoGigabitEthernet0/0/1, changed state to down
*Mar 28 18:51:49.301: %LINEPROTO-5-UPDOWN: Line protocol on Interface TwoGigabitEthernet0/0/2, changed state to down
*Mar 28 18:51:49.302: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan302, changed state to down
*Mar 28 18:52:15.707: %RIF_MGR_FSM-6-RMI_LINK_DOWN: Chassis 1 R0/0: rif_mgr: The RMI link is DOWN.
*Mar 28 18:52:15.777: %RIF_MGR_FSM-6-RMI_LINK_DOWN: Chassis 2 R0/0: rif_mgr: The RMI link is DOWN.

 

WLC01#show chassis
Chassis/Stack Mac Address : f01d.2d39.1220 - Local Mac Address
Mac persistency wait time: Indefinite
Local Redundancy Port Type: Twisted Pair
H/W Current
Chassis# Role Mac Address Priority Version State IP
-------------------------------------------------------------------------------------
*1 Active f01d.2d39.1220 2 V02 Ready 169.254.119.205
2 Standby f01d.2d39.1060 1 V02 Ready 169.254.119.206

 

Is this the expected behaviour under this scenario? Probably I would need another switch to try an HSRP environment.

 

By the way, this is the IOS version:

WLC01#show version
Cisco IOS XE Software, Version 17.03.03
Cisco IOS Software [Amsterdam], C9800 Software (C9800_IOSXE-K9), Version 17.3.3, RELEASE SOFTWARE (fc7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Thu 04-Mar-21 12:37 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2021 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: 16.12(3r)

SPC-OT-RG1-WLC01 uptime is 44 minutes
Uptime for this control processor is 46 minutes
System returned to ROM by IntelResetRequest
System image file is "bootflash:packages.conf"
Last reload reason: IntelResetRequest

 

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

License Type: Smart License is permanent
License Level: adventerprise
Next reload license Level: adventerprise
AIR License Level: AIR DNA Advantage
Next reload AIR license Level: AIR DNA Advantage

The current crypto throughput level is 0 kbps


Smart Licensing Status: Registration Not Applicable/Not Applicable

cisco C9800-L-C-K9 (KATAR) processor (revision KATAR) with 1702951K/6147K bytes of memory.
Processor board ID FCL255100TE
Router operating mode: Autonomous
2 Virtual Ethernet interfaces
4 2.5 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
16777216K bytes of physical memory.
26251263K bytes of eUSB flash at bootflash:.
26251263K bytes of eUSB flash at bootflash-2:.

Base Ethernet MAC Address : F0:1D:2D:39:12:20

Installation mode is INSTALL

Configuration register is 0x102

WLC01#

 

 

I will appreciate very much any help with this issue.

 

Thank you all.

1 Accepted Solution


jagan.chowdam
Spotlight

From Cisco IOS XE Amsterdam 17.2.1 onwards, the method to configure the gateway IP has been modified. The ip default-gateway gateway-ip command is not used. Instead, the gateway IP is selected based on the static routes configured. From among the static routes configured, the gateway IP that falls in the same subnet as the RMI subnet is chosen. If no matching static route is found, gateway failover will not work (even if management gateway-failover is enabled).

 

Can you verify the static routing config?

 

CJ

 

/** Please rate all useful responses**/
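An added example, not part of the original reply and not Cisco's code: a small audit that applies the rule stated above (a static-route next hop must fall inside the RMI subnet) to a running-config excerpt. The config excerpts are constructed, the /27 RMI mask is assumed to match the switch SVI shown in the question, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed running-config excerpts (not device output). The RMI address and
# gateway come from the thread; the second static route is made-up filler.
CONFIG_BEFORE = """\
ip default-gateway 10.220.119.222
"""
CONFIG_AFTER = """\
ip default-gateway 10.220.119.222
ip route 0.0.0.0 0.0.0.0 10.220.119.222
ip route 10.50.0.0 255.255.0.0 192.0.2.1
"""

# ip route [vrf NAME] <prefix> <mask> [<interface>] <next-hop>
ROUTE_RE = re.compile(
    r"^ip route (?:vrf \S+ )?(\S+) (\S+) (?:[A-Za-z]\S* )?(\d+\.\d+\.\d+\.\d+)\b",
    re.M,
)


def static_next_hops(config):
    """Return the next-hop addresses of well-formed static routes."""
    hops = []
    for prefix, mask, hop in ROUTE_RE.findall(config):
        try:
            ipaddress.ip_network(f"{prefix}/{mask}")  # reject malformed lines
            hops.append(ipaddress.ip_address(hop))
        except ValueError:
            continue
    return hops


def monitored_gateways(config, rmi_ip, rmi_mask):
    """Static-route next hops that sit inside the RMI subnet."""
    rmi_net = ipaddress.ip_interface(f"{rmi_ip}/{rmi_mask}").network
    return [str(h) for h in static_next_hops(config) if h in rmi_net]


def audit(config, rmi_ip, rmi_mask):
    """Return (ok, message) for the gateway-failover precondition."""
    gws = monitored_gateways(config, rmi_ip, rmi_mask)
    if gws:
        return True, f"gateway check can use {gws[0]}"
    if re.search(r"^ip default-gateway ", config, re.M):
        return False, "only 'ip default-gateway' present; no static route in RMI subnet"
    return False, "no static route with a next hop in the RMI subnet"
```

Running `audit()` against a saved `show running-config` before an HA test flags the condition in this thread: gateway monitoring enabled but nothing for it to monitor.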


4 Replies

marce1000
VIP

 

 - I am not sure if shutting down network links (or Port-channel) is a good methodology for testing failover, it may lead to split brain conditions only. Check if failover works if primary controller is shutdown completely. For the rest you may have an in-depth check of the configuration of the controller(s) with (CLI) : show tech wireless , have the output processed by : https://cway.cisco.com/tools/WirelessAnalyzer/ , you will get lots of useful advisories.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

ammahend
VIP

Both gateway check prerequisites look good: you are running above 17.1 and gateway check is enabled.
Pages 30 and 31 in this document show how it should behave:

https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/9800/17-1/deployment-guide/c9800-ha-sso-deployment-guide-rel-17-1.pdf


I would recommend contacting support.

 

-hope this helps-

@jagan.chowdam thank you very much!!! That was the issue, I was using the ip default-gateway gateway-ip command. I don't have much experience with this device, but your reply was very helpful. I was able to properly set up the RMI+RP function and the HA tests were successful. When one member in the cluster is powered off and when the corresponding portchannel links are down (disconnection), the WLCs were able to switch over due to loss of connectivity with the DG.

 

Again thank you very much for your help.

 

Best Regards.

 

JF.
