07-29-2019 06:51 AM - edited 07-05-2021 10:46 AM
I changed the address on a pair of 5508's in HA mode this weekend. I was unable to find a detailed procedure to do this so I thought I would post it here. These are running 8.2.166.0.
First, I changed the primary controller for all of the access points to my new address using Prime. If you do not have Prime you would need to issue this command for each AP:
config ap primary-base <wlc name> <wlc address>
Or from the GUI, select an AP, click on the High Availability tab and enter the WLC name and new address as the primary address. You could also use your current address as primary and the new address as secondary.
I also enabled ssh for the AP's globally so I could connect to them remotely if I had problems getting them to join on the new address. Luckily I didn't.
config wlan disable all
config redundancy mode disable
config interface address management 10.0.0.19 255.255.255.240 10.0.0.17
config interface vlan management 23
config interface address redundancy-management 10.0.0.21 peer-redundancy-management 10.0.0.20
config port adminmode all enable
config interface address management 10.0.0.18 255.255.255.240 10.0.0.17
config interface vlan management 23
config interface address redundancy-management 10.0.0.20 peer-redundancy-management 10.0.0.21
config redundancy mode sso
config wlan enable all
(WLC1) >show interface summary
Number of Interfaces.......................... 5
Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       LAG  23       10.0.0.18       Static  Yes    No
redundancy-management            LAG  23       10.0.0.20       Static  No     No
redundancy-port                  -    untagged 169.254.0.20    Static  No     No
service-port                     N/A  N/A      0.0.0.0         Static  No     No
virtual                          N/A  N/A      1.1.1.1         Static  No     No
(WLC1) >show redundancy summary
Redundancy Mode = SSO ENABLED
Local State = ACTIVE
Peer State = STANDBY HOT
Unit = Primary
Unit ID = 4C:00:82:71:E6:40
Redundancy State = SSO
Mobility MAC = 4C:00:82:71:E6:40
BulkSync Status = Complete
Average Redundancy Peer Reachability Latency = 428 Micro Seconds
Average Management Gateway Reachability Latency = 2099 Micro Seconds
Don't forget to change the network device address for the WLC in ISE. After I did this it still would not authenticate wireless users. I was getting this error for everything in the live log:
5441 | Endpoint started new session while the packet of previous session is being processed. Dropping new session. |
I had seen a similar problem in the past though I can't remember what caused it. I restarted ISE and authentications started working again. I think there may be a command to clear the cache so that a restart isn't necessary but I am not sure what that is.
So just thought this might help someone. I invite and welcome any improvements to this procedure.
-Jeff
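A pre-change sanity check for the addressing plan in the procedure above, as an added example that is not part of the original post. It assumes the 10.0.0.19 commands belong to one unit and the 10.0.0.18 commands to the other, and that management and redundancy-management addresses share one subnet as they do in the post; `parse_unit` and `check_pair` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed input: the per-unit commands from the post. Which unit each
# block belongs to is an assumption; the post does not label them.
UNIT_A = """\
config interface address management 10.0.0.19 255.255.255.240 10.0.0.17
config interface vlan management 23
config interface address redundancy-management 10.0.0.21 peer-redundancy-management 10.0.0.20
"""
UNIT_B = """\
config interface address management 10.0.0.18 255.255.255.240 10.0.0.17
config interface vlan management 23
config interface address redundancy-management 10.0.0.20 peer-redundancy-management 10.0.0.21
"""

MGMT = re.compile(r"config interface address management (\S+) (\S+) (\S+)")
RMI = re.compile(r"config interface address redundancy-management (\S+) peer-redundancy-management (\S+)")
VLAN = re.compile(r"config interface vlan management (\d+)")

def parse_unit(text):
    """Extract the addressing plan from one unit's command list."""
    ip, mask, gw = MGMT.search(text).groups()
    rmi, peer = RMI.search(text).groups()
    return {
        "net": ipaddress.ip_network(f"{ip}/{mask}", strict=False),
        "mgmt": ipaddress.ip_address(ip),
        "gw": ipaddress.ip_address(gw),
        "rmi": ipaddress.ip_address(rmi),
        "peer": ipaddress.ip_address(peer),
        "vlan": int(VLAN.search(text).group(1)),
    }

def check_pair(a, b):
    """Return a list of problems found in the two units' plans."""
    problems = []
    if (a["net"], a["vlan"], a["gw"]) != (b["net"], b["vlan"], b["gw"]):
        problems.append("units disagree on subnet, VLAN or gateway")
    if a["rmi"] != b["peer"] or b["rmi"] != a["peer"]:
        problems.append("redundancy-management/peer addresses are not mirrored")
    for name, u in (("A", a), ("B", b)):
        for key in ("gw", "rmi", "peer"):
            if u[key] not in u["net"]:
                problems.append(f"unit {name}: {key} {u[key]} outside {u['net']}")
    used = [a["mgmt"], b["mgmt"], a["rmi"], b["rmi"], a["gw"]]
    if len(set(used)) != len(used):
        problems.append("duplicate address in plan")
    return problems
```

`check_pair(parse_unit(UNIT_A), parse_unit(UNIT_B))` returns an empty list for the addresses in the post; a mistyped peer address shows up as a mirroring or out-of-subnet problem before the controllers are rebooted.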
07-29-2019 01:21 PM
Thank you Jeff for posting this procedure, I am sure it will help many others.
Rasika
09-22-2020 07:13 AM
Hello, thanks for the info, I have the same task, WLCs in HA shall get a new IP.
I was wondering that you have to break the HA, can't we just enter the 3 new IPs and apply the new setup?
10-14-2020 06:11 PM
I'm wondering the same thing here. I don't need to update management IPs, I just need to update the gateway IP, still in the same subnet. Still, thank you for posting this and informing us that when you break the HA, the WLC will reboot. That would be scary if not expecting it.
10-14-2020 06:40 PM
Your management IPs are different, is that supposed to be like that? I thought with HA the management IPs should be the same. If I'm incorrect, what happens in a failover event when the management IP is different and the APs cannot build the CAPWAP tunnel?