Hello, thanks for video... I did the same as You on our 3504s, but if I put command "sh int sum" at 10:32 than the command shows that both controller have same management IP addresses... if I do box failover (by using command redundancy force-switchover) to test HA than the standby unit become active ) and the "old active unit" starts rebooting but Im unable to reach new active unit via web browser and after once the old primary unit become alave it starts to be active also so both controllers looks active and Im unable to reach any GUI... in this case I can only reload the system with "reset system" commands on the "old primary unit" but both WLCs reloading automatically... and I have no idea why... any ideas? thaks a lot in advance... regards...
Looks like there is something wrong with the HA keepalive mechanism here. It can be because of the cable issue on the RP port. Please check the cabling and make sure there is nothing wrong on the communication side for Management and RP ports. If the HA keepalive mechanism is working as expected then the duel active state will not happen at any point of time
@@CiscoNetworking at this point the devices are connected to each other by using 30cm long patchcable... I rechecked the Cisco´s official article about SSO and found this "The new architecture for HA is for box-to-box redundancy. In other words, 1:1 where one WLC will be in an Active state and the second WLC will be in a Hot Standby state continuously monitoring the health of the Active WLC via a Redundant Port. Both the WLCs will share the same set of configurations including the IP address of the Management interface." so its ok that both WLCs have same management interface IP... I will test today out of office hours again to do force switchover and I will see what will happen... but I dont think that this is ok as after the reload the old primary unit bot WLCs seems to be primary unit... but thanks for reacting my comment here... I apreciate that...
When WLC runs on HA SSO both WLCs are going to share the same IP. Even though the IP is going to be the same the MAC address will change based on the active WLC MAC. So at any point of time we should not have both WLCs in an active state. This can happen only with a broken HA keepalive mechanism.
@@CiscoNetworking seems like that, but if I connect to management IP of primary-active unit as usual, I can see redundancy statistics under "Monitor/Redundancy/Statistics -> Category: All" and there are "Keepalive Couters"/"Network Latencies (RTT) for the Peer Reachability in microsec" etc and also I can see peer statistics under Monitor/Redundancy/Peer Statistics... under "Redundancy/Summary" I Can see that local state is active, peer state is "standby hot" redundancy state "SSO" "Bulk Sync status: complete"... so I think if there is no connection I wouldn´t see all their statistics...
Thanks for making wonderful wireless videos. Sir I need theory lectures of wireless also so that my concept are more clear, because all the lectures I am watching are about configuration only. Please help me with theory also.
Will try to do some of them, but really doubt that can meet your requirement. You should try to get a proper CCNA and CWNA instructor lead training to start with a career in Wireless Domain
Hii, thanks for making this video. I need your help. currently, i have plan wireless deployment HA SSO on DC and DRC. WLC 1 on site A and WLC 2 on site B. Is possible we deploy HA SSO with different site ? Because RP need only L2 connectivity right ?
Hello I have this problem with the primary and secondary controller. Redundancy Mode = SSO ENABLED Local State = MAINTENANCE Peer State = UNKNOWN - Communication Down Unit = Primary Unit ID = CC:70:ED:15:E8:60 Redundancy State = Non Redundant Mobility MAC = CC:70:ED:15:E8:60 Redundancy Port = UP Maintenance Mode = Enabled Maintenance cause= All ports are down Redundancy Mode = SSO ENABLED Local State = ACTIVE Peer State = UNKNOWN - Communication Down Unit = Secondary (Inherited AP License Count = 0) Unit ID = CC:70:ED:15:E5:30 Redundancy State = Non Redundant Mobility MAC = CC:70:ED:15:E8:60 Redundancy Port = UP BulkSync Status = Pending
I have done all the configuration in one of my WLC 3504 and this one I am going to configure as the primary controller. The second one, what all the configuration to be needed before configuring the HA? If I configure the management IP details and activate the license, then the rest of the configuration will automatically replicate after doing the HA? or we have to do all the configuration in second WLC like the first device before configuring the HA?
Second WLC can be added any time, follow the steps for the secondary device. Make sure you have all the prerequisites are taken care like the Platform type and OS,etc... Once the HA SSO is formed the Primary WLC will push the config and licensing information to the secondary WLC as part of the Bulk sync.
Question, I need to change the Static IP of 100's of AP's on a controller, what's the best way to do this , not interested to do one by one on GUI. thanks
You can always do scripting to do it, but if you are looking for one-time solution then go with Excel. Collect all ap names and use the auto fill in excel to create the CLI for changing the IP. Once you have the CLI for all APs, paste it in WLC CLI.
@@CiscoNetworking I guess I can use Excel since I already have everything in it and this is an ongoing task, we are working on a big size network reclamation stuff, do you have any basic info on WLC CLI command to change IP address of an specific AP name, then I have to figure out on how to automate (auto fill or script) it from Excel.
Configure a static IP address on the access point by entering this command: For IPv4-config ap static-ip enable Cisco_AP ip_address mask gateway For IPv6-config ap static-ip enable Cisco_AP ip_address prefix_length gateway
Sir. I have Cisco controller with HA and located in central location and have configured wlan with enterprise and radius authentication also configured. Now when iphone iOS connect certificate issue coming. Can u tell what is the issue for this plz
Hi! I've got a question to you. Which ip address of controllers we should specify on DHCP server in field of 43 option, when SSO is enable, for initial AP deployment. Both ip address of conrollers managment ip - like in your tube lesson - 9.9.9.10 and 9.9.9.12 or just only one - 9.9.9.10 or something else?
After HA is established, the Secondary configuration will be overwritten by the Bulk Sync happens from the primary. After the bulk sync only one IP will be in action and that will be the Primary one. In our case 9.9.9.10 will be the active IP after HA SSO is established.
May I know, I've 2 wireless AP controller (controller A (i use cisco 4402) & controller B (i use cisco 5508)) If controller A failed, how can controller B recognize all of the AP under controller A? can I use this HA's configuration too? My AP model is Air-LP1242AG-C-K9
@@CiscoNetworking But the problem is the controller A is already failed. It can't be primed now. how can AP's under controller A join the controller B? without having to reboot the AP's
@@anihzahirah9877 Use the DHCP option 43 to give both WLC IPs so that APs will receive both WLC information with the DHCP Offer. Another option is to keep both the WLCs in to a Mobility Group so that all the APs in both of the WLCs will have the information about the second WLC in the Group. When even one of the WLC failed in a Mobility Group will allow the APs to Fall-Back to the next available WLC in the Mobility Group. Hope one of this method will serve your requirement.
What is the WLC model and Code running on WLC. If you are referring to the redundancy option in Monitor page then only after configuration it will start showing the Redundancy status in GUI. Once you configure HA WLC will start showing it in Monitor page.
@@CiscoNetworking Thanks for reply. I have two WLC 2504 WLC1 and WLC2 configure in active and standby. I did a test by shutting down the WLC1, all the APs were moved on WLC2 but where not functioning. Means not giving aways ip or no SSID. Kindly help me to solved the issue.
Excellent video
Thank you very much.
Well explained...🙏🙏🙏🙏..
And wishes you Happy New Year 💐💐💐💐💐
Hello, thanks for video... I did the same as You on our 3504s, but if I put command "sh int sum" at 10:32 than the command shows that both controller have same management IP addresses... if I do box failover (by using command redundancy force-switchover) to test HA than the standby unit become active ) and the "old active unit" starts rebooting but Im unable to reach new active unit via web browser and after once the old primary unit become alave it starts to be active also so both controllers looks active and Im unable to reach any GUI... in this case I can only reload the system with "reset system" commands on the "old primary unit" but both WLCs reloading automatically... and I have no idea why... any ideas? thaks a lot in advance... regards...
Looks like there is something wrong with the HA keepalive mechanism here. It can be because of the cable issue on the RP port. Please check the cabling and make sure there is nothing wrong on the communication side for Management and RP ports. If the HA keepalive mechanism is working as expected then the duel active state will not happen at any point of time
@@CiscoNetworking at this point the devices are connected to each other by using 30cm long patchcable... I rechecked the Cisco´s official article about SSO and found this "The new architecture for HA is for box-to-box redundancy. In other words, 1:1 where one WLC will be in an Active state and the second WLC will be in a Hot Standby state continuously monitoring the health of the Active WLC via a Redundant Port. Both the WLCs will share the same set of configurations including the IP address of the Management interface." so its ok that both WLCs have same management interface IP... I will test today out of office hours again to do force switchover and I will see what will happen... but I dont think that this is ok as after the reload the old primary unit bot WLCs seems to be primary unit... but thanks for reacting my comment here... I apreciate that...
When WLC runs on HA SSO both WLCs are going to share the same IP. Even though the IP is going to be the same the MAC address will change based on the active WLC MAC. So at any point of time we should not have both WLCs in an active state. This can happen only with a broken HA keepalive mechanism.
@@CiscoNetworking seems like that, but if I connect to management IP of primary-active unit as usual, I can see redundancy statistics under "Monitor/Redundancy/Statistics -> Category: All" and there are "Keepalive Couters"/"Network Latencies (RTT) for the Peer Reachability in microsec" etc and also I can see peer statistics under Monitor/Redundancy/Peer Statistics... under "Redundancy/Summary" I Can see that local state is active, peer state is "standby hot" redundancy state "SSO" "Bulk Sync status: complete"... so I think if there is no connection I wouldn´t see all their statistics...
You have to do a little bit more troubleshooting to get the root cause, try to start with the basic HA ones
Are the vlan interfaces (vlan 10, 11) needed to be set on WLC2?
Great video! How do you "break" the HA pair for changing the mgmt IP? Reverse the steps you just showed? So disable sso on tge Primary?
Disable the SSO should be enough
Thank you so much!
Thanks for making wonderful wireless videos. Sir I need theory lectures of wireless also so that my concept are more clear, because all the lectures I am watching are about configuration only.
Please help me with theory also.
What are you exactly looking for?
@@CiscoNetworking I am the beginner in cisco wireless domain. I need theory as well as lab so that concept will be more clear to me.
Will try to do some of them, but really doubt that can meet your requirement. You should try to get a proper CCNA and CWNA instructor lead training to start with a career in Wireless Domain
@@CiscoNetworking Thanks
Hii, thanks for making this video. I need your help. currently, i have plan wireless deployment HA SSO on DC and DRC. WLC 1 on site A and WLC 2 on site B. Is possible we deploy HA SSO with different site ? Because RP need only L2 connectivity right ?
Yes, if you can make sure the layer 2 connectivity between sits meets the requirements.
Hello I have this problem with the primary and secondary controller.
Redundancy Mode = SSO ENABLED
Local State = MAINTENANCE
Peer State = UNKNOWN - Communication Down
Unit = Primary
Unit ID = CC:70:ED:15:E8:60
Redundancy State = Non Redundant
Mobility MAC = CC:70:ED:15:E8:60
Redundancy Port = UP
Maintenance Mode = Enabled
Maintenance cause= All ports are down
Redundancy Mode = SSO ENABLED
Local State = ACTIVE
Peer State = UNKNOWN - Communication Down
Unit = Secondary (Inherited AP License Count = 0)
Unit ID = CC:70:ED:15:E5:30
Redundancy State = Non Redundant
Mobility MAC = CC:70:ED:15:E8:60
Redundancy Port = UP
BulkSync Status = Pending
Your RP port communication between WLCs are down, please fix that issue.
I have done all the configuration in one of my WLC 3504 and this one I am going to configure as the primary controller. The second one, what all the configuration to be needed before configuring the HA? If I configure the management IP details and activate the license, then the rest of the configuration will automatically replicate after doing the HA? or we have to do all the configuration in second WLC like the first device before configuring the HA?
Second WLC can be added any time, follow the steps for the secondary device. Make sure you have all the prerequisites are taken care like the Platform type and OS,etc... Once the HA SSO is formed the Primary WLC will push the config and licensing information to the secondary WLC as part of the Bulk sync.
@@CiscoNetworking thank you 👍
Question, I need to change the Static IP of 100's of AP's on a controller, what's the best way to do this , not interested to do one by one on GUI. thanks
You can always do scripting to do it, but if you are looking for one-time solution then go with Excel. Collect all ap names and use the auto fill in excel to create the CLI for changing the IP. Once you have the CLI for all APs, paste it in WLC CLI.
@@CiscoNetworking I guess I can use Excel since I already have everything in it and this is an ongoing task, we are working on a big size network reclamation stuff, do you have any basic info on WLC CLI command to change IP address of an specific AP name, then I have to figure out on how to automate (auto fill or script) it from Excel.
www.cisco.com/c/en/us/td/docs/wireless/controller/8-8/config-guide/b_cg88/managing_aps.html#ID1992
Configure a static IP address on the access point by entering this command:
For IPv4-config ap static-ip enable Cisco_AP ip_address mask gateway
For IPv6-config ap static-ip enable Cisco_AP ip_address prefix_length gateway
Thank you!
Can you pls do a video on Cisco 9800 WLC HA forn17. Xx code which is RMI RP
Sir. I have Cisco controller with HA and located in central location and have configured wlan with enterprise and radius authentication also configured. Now when iphone iOS connect certificate issue coming. Can u tell what is the issue for this plz
What are you trying to access through iPhone? WLC GUI or the guest access
@@CiscoNetworking any other sites it is asking to trust certificate and not able to share photo or any other media in WhatsApp can chat only
Please get connected in Linkedin for better chat
@@CiscoNetworking sorry sir I don’t have linkedin and have WhatsApp only if u don’t mind plz
Hi! I've got a question to you. Which ip address of controllers we should specify on DHCP server in field of 43 option, when SSO is enable, for initial AP deployment. Both ip address of conrollers managment ip - like in your tube lesson - 9.9.9.10 and 9.9.9.12 or just only one - 9.9.9.10 or something else?
After HA is established, the Secondary configuration will be overwritten by the Bulk Sync happens from the primary.
After the bulk sync only one IP will be in action and that will be the Primary one. In our case 9.9.9.10 will be the active IP after HA SSO is established.
many thanks! Your lessons are very useful. Please, go on!)
May I know, I've 2 wireless AP controller (controller A (i use cisco 4402) & controller B (i use cisco 5508)) If controller A failed, how can controller B recognize all of the AP under controller A? can I use this HA's configuration too? My AP model is Air-LP1242AG-C-K9
Prime all the APs with primary and secondary
@@CiscoNetworking But the problem is the controller A is already failed. It can't be primed now. how can AP's under controller A join the controller B? without having to reboot the AP's
@@anihzahirah9877 Use the DHCP option 43 to give both WLC IPs so that APs will receive both WLC information with the DHCP Offer. Another option is to keep both the WLCs in to a Mobility Group so that all the APs in both of the WLCs will have the information about the second WLC in the Group. When even one of the WLC failed in a Mobility Group will allow the APs to Fall-Back to the next available WLC in the Mobility Group.
Hope one of this method will serve your requirement.
I can not see the redundancy option in my gui. How I can add that
What is the WLC model and Code running on WLC.
If you are referring to the redundancy option in Monitor page then only after configuration it will start showing the Redundancy status in GUI. Once you configure HA WLC will start showing it in Monitor page.
@@CiscoNetworking Thanks for reply. I have two WLC 2504 WLC1 and WLC2 configure in active and standby. I did a test by shutting down the WLC1, all the APs were moved on WLC2 but where not functioning. Means not giving aways ip or no SSID. Kindly help me to solved the issue.
May I know the AP mode and are you using AP SSO or not
@@CiscoNetworking Cisco AIR-AP18521-E-k9
can you please ping me at whats up at 0032 483320366.
Excellent Video