
WLC 9800-CL HA Configuration

Debabrata Majhi
Level 1

Hi All,

We are configuring a new WLC 9800-CL version 17.2.3 in a VMware environment. HA is configured and running as expected, with RMI and WMI in the subnet and VLAN of the wireless management interface. However, we are getting the error below; could you please advise?

RMI IP must be in the same subnet as Wireless Management Interface (WMI). For more information - Screenshot attached for reference.

Please advise if we are missing anything to configure the HA

Here is the interface configuration below

Gig1-AS OOB

Gig2-VGT-TRUNK

Gig-RP port HA

Thanks

Debabrata


@Debabrata Majhi

"Information About Redundancy Management Interface

The Redundancy Management Interface (RMI) is used as a secondary link between the active and standby Cisco Catalyst 9800 Series Wireless Controllers. This interface is the same as the wireless management interface, and the IP address on this interface is configured in the same subnet as the Wireless Management Interface. The RMI is used for the following purposes:"

This is a requirement.

In simple words:

WMI and RMI must be in the same subnet

RPI must be in a different subnet than (WMI/RMI)

MHM

Rich R
VIP

Have you followed https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-cl-dg.html#Deployingthe9800CLusingVMwareESXi and https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/9800-cloud/installation/b-c9800-cl-install-guide/installing_the_controller.html and checked each step carefully (easy to miss some minor details)?

Also see https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/220277-configure-high-availability-sso-on-catal.html#toc-hId-112823875 and https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#C9800CLconsiderations

ps: Screen shot attached for reference.
I don't see any screenshot attached.

Debabrata Majhi
Level 1

Hi All,

Thanks for helping me out with this issue

As per the ACI deployment guide, I have applied the following, but the issue is still the same

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/config-guide/b_wl_17_9_cg/m_vewlc_high_availability.html

Device(config)# no redun-management fast-switchover
Device(config)# redun-management garp-retransmit burst 0 interval 0
Device(config)# no redun-management garp-retransmit initial

Regards

Debabrata

 

Hi All,

Seems the issue is not fixed; it is showing again, very strange.

WMI and RMI in same subnet

RPI interface is auto populated based on the RMI

Gig3 - RP port is in a different EPG (ACI), not in the same EPG (WMI)

Please advise if you have any further advice

Thanks


 - To get a detailed report on your 9800 configuration and what is wrong, use this procedure:
    issue the CLI command show tech wireless (not show tech) on the primary controller and feed the output
    from that into Wireless Config Analyzer

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hi All,

Here is the config below 

device#show romvar
ROMMON variables:
SWITCH_NUMBER = 1
LICENSE_SUITE =
SWITCH_PRIORITY = 2
CHASSIS_HA_IFNAME = GigabitEthernet3
CHASSIS_HA_IFMAC = 00:00:00:00:00:00
RMI_INTERFACE_NAME = Vlan24
RMI_CHASSIS_LOCAL_IP = 10.24.24.12
RMI_CHASSIS_REMOTE_IP = 10.24.24.13
CHASSIS_HA_LOCAL_IP = 169.254.24.12
CHASSIS_HA_REMOTE_IP = 169.254.24.13
CHASSIS_HA_LOCAL_MASK = 255.255.255.0
RET_2_RTS =
CSDL_MODE_DISABLE = 1
BSI = 0
RET_2_RCALTS =
RANDOM_NUM = 1243252048
LICENSE_BOOT_LEVEL =
CHASSIS_HA_PEER_TIMEOUT = 500
CHASSIS_HA_PEER_TIMEOUT_RETRY = 10
device#show chas
device#show chassis rmi
Chassis/Stack Mac Address : 0000.0000.0000 - Local Mac Address
Mac persistency wait time: Indefinite
H/W Current
Chassis# Role Mac Address Priority Version State IP RMI-IP
--------------------------------------------------------------------------------------------------------
*1 Active 000x.1111.1115 2 V02 Ready 169.254.24.12 10.24.24.12
2 Standby 000x.1111.1102 1 V02 Ready 169.254.24.13 10.24.24.13

device#show wireless interface summary

Wireless Interface Summary


Interface Name Interface Type VLAN ID IP Address IP Netmask NAT-IP Address MAC Address
--------------------------------------------------------------------------------------------------
Vlan24 Management 24 10.24.24.10 255.255.255.0 0.0.0.0 001e.bd86.60ff

Note: MACs are changed due to security

Thanks

Debabrata
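
Added example, not part of any post in this thread: a Python check of the rule stated earlier (WMI and RMI in the same subnet, RP in a different one) run against `show romvar` and `show wireless interface summary` output. The sample text is constructed from the values posted above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, trimmed from the outputs posted in this thread.
# Function names are this example's own (hypothetical), not a Cisco tool.
ROMVAR = """\
RMI_INTERFACE_NAME = Vlan24
RMI_CHASSIS_LOCAL_IP = 10.24.24.12
RMI_CHASSIS_REMOTE_IP = 10.24.24.13
CHASSIS_HA_LOCAL_IP = 169.254.24.12
CHASSIS_HA_REMOTE_IP = 169.254.24.13
CHASSIS_HA_LOCAL_MASK = 255.255.255.0
"""
WMI_ROW = "Vlan24 Management 24 10.24.24.10 255.255.255.0 0.0.0.0 001e.bd86.60ff"


def parse_romvar(text):
    """Return {NAME: value} for every 'NAME = value' line (value may be empty)."""
    return {m.group(1): m.group(2).strip()
            for m in re.finditer(r"^(\w+)[ \t]*=[ \t]*(.*)$", text, re.M)}


def parse_wmi_row(row):
    """Return (interface name, ip_interface) from a 'show wireless interface summary' row."""
    fields = row.split()
    return fields[0], ipaddress.ip_interface(f"{fields[3]}/{fields[4]}")


def check_ha_addressing(romvar_text, wmi_row):
    """Return a list of rule violations; an empty list means the addressing is consistent."""
    rv = parse_romvar(romvar_text)
    wmi_if, wmi = parse_wmi_row(wmi_row)
    problems = []
    if rv.get("RMI_INTERFACE_NAME") != wmi_if:
        problems.append(f"RMI interface {rv.get('RMI_INTERFACE_NAME')} is not the WMI {wmi_if}")
    for key in ("RMI_CHASSIS_LOCAL_IP", "RMI_CHASSIS_REMOTE_IP"):
        ip = rv.get(key)
        if not ip:
            problems.append(f"{key} is not set")
        elif ipaddress.ip_address(ip) not in wmi.network:
            problems.append(f"{key} {ip} is outside WMI subnet {wmi.network}")
    rp = ipaddress.ip_interface(f"{rv['CHASSIS_HA_LOCAL_IP']}/{rv['CHASSIS_HA_LOCAL_MASK']}")
    if rp.network.overlaps(wmi.network):
        problems.append(f"RP subnet {rp.network} overlaps WMI/RMI subnet {wmi.network}")
    return problems


if __name__ == "__main__":
    print(check_ha_addressing(ROMVAR, WMI_ROW) or "WMI/RMI/RP addressing is consistent")
```

With the values posted in this thread the check returns no violations.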

 

 

@Debabrata Majhi  I didn't see any answer to my previous reply so I'll ask again...
Have you checked those guides carefully to make sure you have not missed any minor details?

Have you done a complete check of your config with Config Analyzer as advised by @marce1000 ?

I presume 17.2.3 is just a typo and you meant 17.12.3?

Hi marce1000, Rich R

Here is the report


Error Best Practices Management Management: HTTP server does not have an IPv4 access class set. To improve security, it is advisable to set ACL explicitly allowing address that can configure the controller
Warning Config Error Version Version: IOS-XE Controller with not recommended code:17.12.3, please check software download page for the current version for your hardware 
Warning Best Practices High Availability High Availability: Redundancy mac address is not set. This is mandatory configuration value if using redundancy feature
Warning Config Error Management Management: To prevent WebUI issues while using some large GUI options (VLANs for example), it is advisable to increase the VTY count to 50
Warning Best Practices Management Management: Service tcp-keepalive in/out, should be enabled to reduce lingering inactive connections to management points
Warning Config Error Security Security: Current configuration is vulnerable to CVE-2023-48795/CSCwi59338, Chacha20 should be removed from SSH encryption options
Warning Best Practices Security Security: Management user has not been set. For security reasons, it is best practice to configure username/password for AP access on the join profile. AP Profiles: default-ap-profile
Warning Best Practices Syslog Syslog: Syslog host is not set (using default broadcast value). For best practices, it is recommended to use a syslog server.  AP Profiles: default-ap-profile
Info Best Practices 11b 11b: Legacy rate enabled in Global Config . Disabling low data rates/11b can help to optimise the channel utilisation on the 2.4 band. Depending on RF coverage, or if using legacy clients, this may cause problems. Please validate before enforcing the changes, as this may have important RF dependencies.
Info Best Practices Client Profiling Client Profiling: Device Classification (client profiling) is not globally enabled, it is recommended to use it
Info Best Practices RRM RRM: ED-RRM is not in use. It is recommended to enable for enterprise environments. Band(s): 2.4 GHz 5 GHz 
Info Best Practices Security Security: Password Encryption is not enabled. This is optional feature to protect keys/passwords in configuration
Info Best Practices Tags Tags: For versions 17.6 and higher, it is advisable to use AP tag persistency command, to ensure tags are preserved if AP is temporarily  moved to another controller
Info Information AAA AAA: The max-user-login feature is set. This restricts how many clients can share the same username during authentication. Ensure this is intended, as this can impact some deployment scenarios
Info Best Practices Rogues Rogues: Rogue AP policies and rules should be defined, specially around managed SSIDs
Info Information Policy Profile Policy Profile: Disabled profile, no configuration checks run. Policy Profile(s): default-policy-profile
Info Best Practices Monitoring Monitoring: AP system monitoring statistics are not enabled. To improve AP status visibility it would be recommended to use it. AP Profiles: default-ap-profile

230034 - It is fixed now. However, please advise the version I should upgrade to, to fix the other issue?

Thanks

Debabrata


 @Debabrata Majhi wrote : Here is the report
 >...
 If you have the HTML or Excel version then all errors red flagged from the WLC results must always be corrected.

 M.




@Debabrata Majhi 

If you intend to connect the WLC to ACI to perform High availability, you need to be on version Cisco IOS XE Cupertino 17.9.1


This information is on the doc you shared above.

Hi

It is upgraded to version 17.9.6 now; however, it is still showing the same

Thanks

 

Are you sure everything is fine from the ACI side?

marce1000
Hall of Fame

 

 - Could you also provide the current IP address of the WMI?

 M.


