5508 HA-SKU

Hi,
I need to determine how the HA-SKU backup controller configuration is done, how it is different from SSO-HA. I need the procedure to implement.
HA-SKU is different in that it employs two 5508's where one 5508 alone (AIR-CT5508-HA-K9) has the HA designation (can only be the backup). This allows it to receive licensing from another previously licensed 5508 (the primary). This feature was recently introduced in WLC code v7.3 or thereabouts. Appreciate your comments.
Thanks.

all you need is confiugre the redancncy mgmt ip and connect the RP ports back to back or from L2 switch. After that you set it as secondary WLC and enable sso on both WLC. The 2 wlc will reboot, when the secondary wlc with HA-SKU find the active one, it will copy the configuration and will be in standby mode once it is up.
It is pretty simple.

Similar Messages

  • Initial AP rollout on 5508 HA-SKU and N+1 redundancy

    Hi Board,
    I have a 7.4 WLC pair - one as primary and one as secondary WLC. They are not doing AP-SSO.
    I'm aware of all the design and configuration guides, but there are still some questions.
    Primary WLC: 50 AP count / Secondary WLC: 500 AP count (due to HA-SKU).
    Both WLCs are in one Mobility group.
    A factory default AP will discover the WLCs (for example using DHCP 43). Even if the secondary WLC is not discovered in the hunting phase, the primary WLC will tell the AP about it's secondary buddy (mobility group).
    The tie breaker is the WLC capacity - in this case all the APs will join the secondary WLC, because of the 500 AP count.
    As soon as this happens, the 90 day "nagging" timer is started, right?
    So here's the question:
    - Will the 90 day timer stop if the APs are migrated to the primary WLC using primary, secondary per AP config?
    - When will the 90 day timer be reseted?
    How did you guys solve this issue?
    One solution would be to place WLC1 and WLC2 in different mobility groups and only propagate WLC1 (primary) in the hunting phase.
    In this case a brand new AP could not join the network if the primary WLC is unavailable...
    Regards,
    Johannes

    Hi,
    Here is the whole process:
    One WLC has a valid AP Count license and the other WLC has a HA SKU UDI
        1. HA SKU is a new SKU with a Zero AP Count License.
       2.  The device with HA SKU becomes Standby the first time it pairs up.
       3.  AP-count license info will be pushed from Active to Standby.
       4.  On event of Active failure, HA SKU will let APs join with AP-count obtained and will start 90-day countdown. The granularity of this is in days.
        5. After 90-days, it starts nagging messages. It will not disconnect connected APs.
        6. With new WLC coming up, HA SKU at the time of paring will get the AP Count:
            If the new WLC has a higher AP count than the previous, the 90-day counter is reset.
            If the new WLC has a lower AP count than the previous, the 90-day counter is not reset.
           In order to lower AP count after switchover, the WLC offset timer will continue and nagging messages will be displayed after time expiry.
                 Elapsed time and AP-count will be remembered on reboot.
                The factory default HA-SKU controller should not allow any APs to join.
    Regards
    Dont forget to rate helpful posts

  • Controller Failover Scenarios - 5508

    I am putting a design together for a resilient wireless network.
    I have 2 main data center sites
    Site 1 I will have either:
    1 x 5508
    1 x 5508 + HA
    2 x 5508 in N+1 failover
    Site 2 will have just one 5508 controller.
    What failover models are available to me?
    Can I have an option of N+1 with also a failover to Site 2 if Site 1 is down
    From my initial research I think I can can only configure AP's to have a primary and secondary controller configured.
    So think the best model is an HA pair in Site 1 and the 5508 in Site 2
    What I don't understand yet is the controller to controller failover?
    I will be running a guest network out of Site 1 and require the controllers there to be the anchor
    Any advice is appreciated.
    Thanks
    Roger

    You can have various designs:
    Option 1:
    You can have AP's on both WLC's to off load traffic
    Site 1:
    5508 with license
    Site 2:
    5508 with license
    Option 2:
    You have AP's on one WLC and the other is backup
    Site 1:
    5508 with license
    Site 2:
    5508 HA sku
    Option 3:
    You run N+1
    Site 1:
    5508 with license
    5508 HA sku N+1 (Secondary)
    Site 2:
    5508 HA sku N+1 (Tertiary)
    Option 4:
    You run AP and Client SSO
    Site 1:
    5508 license
    5508 HA sku AP SSO
    Site 2:
    5508 HA sku N+1
    Option 5:
    Run both sites with AP SSO
    Site 1:
    5508 license (Primary)
    5508 HA sku AP SSO
    Site 2:
    5508 license (Secondary)
    5508 HA sku AP SSO
    Scott

  • WLC 5508 deployment

    Hi All,
    Currently we have 40 AP in standalone mode, we want to add a controller in our architecture to enhance coverage and set up a policy for autentication with AD.
    I have created a simple test lab with an AP in the lightweight mode and the authentication is fine with a radius server (by using web authentication, 802.1x).
    Now, in case of the WLC crashes I want that the process doesn't stop and the data continues to pass through the AP.
    After reading some cisco documents, I find the "Flexconnect" which is a solution to configure and control APs in a  branch or remote office from the corporate office through a WAN link  without the deployment of a controller in each office.
    Can I use this mode in our internal office ? Knowing that the goal is to avoid centralization of the traffic on the wlc.
    If this mode is not the best could you suggest another please?
    Many thanks in advance

    Yes you can use FlexConnect mode if you wish. This is an alternative when you have only one WLC. What you should maybe look at is a 5508 HA sku WLC. Thus HA sku WLC doesn't require license so it's cheaper and a good alternative to redundancy. You would only need to purchase licenses for your existing WLC and the HA sku WLC can backup up to the max ap count for that device which is 500.
    In the meantime, FlexConnect can work for you, it's just that there are some limitations to FlexConnect than is the AP's were in local mode. You can find that section in the doc you were referencing.
    Sent from Cisco Technical Support iPhone App

  • Getting "Configure VLAN" message when enabling SSO redundancy on 5508 WLC?

    Hello All
    We are installing a secondary 5508 HA-SKU WLC under software version 8.0.100.
    After configuring the primary 5508 (redundancy management ip, peer redundancy management ip, etc) we get the message "Please configure Redundancy Management VLAN before enabling redundancy" when we select SSO enabled.  The redundancy management ips are in the same VLAN as the management ip and this is the default untagged VLAN. What have I missed?
    John.

    Hi Ralph,
    We're running 8.0 in a  WLC 8500 series but nor tagged nor untagged interface is working. This are the scenarios we have tested:
    management interface tagged + switchport trunk tagged + HA tagged + switchport trunk tagged = SSO not working
    management interface tagged + switchport trunk tagged + HA untagged + switchport access = SSO not working
    management interface untagged + switchport trunk native vlan + HA untagged + switchport access = SSO not working
    No scenario is working and in cases 1 and 2 we have lost the associated APs as they only recover in case 3.
    In parallel, after enabling tagged interface in management, the "show ip arp" of the switch shows the IP through the HA interface and the ping is lost outwards WLC and inwards.
    Any suggestion?
    Regards.

  • WLC 7.3 and HA

    case :
    1x 5508 112 ap license
    1x 5508 HA sku
    http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd3504.shtml#combo1
    what does mean:
    With the new WLC coming up, HA SKU at the time of paring will get the AP Count:
    If the new WLC has a higher AP count than the previous, the 90-day counter is reset.
    If the new WLC has a lower AP count than the previous, the 90-day counter is not reset.
    After switchover to a lower AP count, the WLC offset timer will continue and nagging messages will be displayed after time expiry.
    in particular what "an higher AP count than the previous" means?
    after switchover to primary restored wlc (112 licence) the counter is not reset and buying new licences for primary is needed?
    and the difference between HA sku and 50 ap licence for the standby?
    thank you

    N+1 High Availability Overview
    http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_HA_Overview.html
    With Release 7.4, an  HA-SKU secondary controller can be configured as a backup controller for  N+1 HA. For example, the following can be used as an HA-SKU controller:
    –5508 Series Standalone controller with 50 AP license
    but once primary controller fails and all the AP on primary controller gets register on to the HA-SKU secndary WLC till 90 days it works okay but after 90 days you get the warning message that license are not sufficient to serve AP's
    http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/Licensing.html#wp1054850 - license error

  • Remote 5508 Standby Controller HA-SKU

    How does the standby HA-SKU controller that is located remotely miles away maintains it's heartbeat while serving as backup to multiple sites.
    Sent from Cisco Technical Support Android App

    Hi Michael,
    There are different deployments of HA with the HA-SKU.
    1) You have AP-SSO/Client-SSO this is where the controllers are 1 - 1 sync and not 1 to multiple.
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html
    2) You have HA N+1 backup. This is where the WLC turned into HA converts to MAX licenses and acts like a fullly licensed controller. You can back up 1 to many in this design.
    http://www.cisco.com/c/en/us/td/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide/N1_HA_Overview.html
    Hope this helps
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
    "Im like bacon, I make your wireless better"

  • WLC 5508 * 2 & Mobility Group

    What I am trying to configure is Mobility Groups.
    My understanding is that this will allow AP to successfully register and fail over over seamlessly if any of the WLC had to fail ?
    It could be I am confusing two things into one :( & I am totally confused and not understanding the benefits of mobility group mentioned above.
    Also when a AP starts up and registers with the WLC ......I click on a registered AP > High Availability ( Primary / Sec / Tertiary ) all fields are blank...
    Initially I also thought that once my SSO is all setup and working than those options "AP > High Availability" will get populated automatically but clearly not unless something is not working.
    My current config is as follows:-
    WLC 5508 * 2
    WLC 1 - Primary
    WLC 2 - HA SKU (Secondary )
    Redundancy = SSO (Both AP and Client SSO)
    =============
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.6.130.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.101.1
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    System Name...................................... WLC5508
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    Redundancy Mode.................................. SSO (Both AP and Client SSO)
    IP Address....................................... 10.31.66.21
    Last Reset....................................... Software reset
    System Up Time................................... 0 days 22 hrs 39 mins 57 secs
    System Timezone Location......................... (GMT) London, Lisbon, Dublin, Edinburgh
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... GB  - United Kingdom
    Operating Environment............................ Commercial (0 to 40 C)
    --More-- or (q)uit
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +38 C
    External Temperature............................. +21 C
    Fan Status....................................... OK
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 1
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ F8:72:EA:EE:5B:B2
    Power Supply 1................................... Present, OK
    Power Supply 2................................... Absent
    Maximum number of APs supported.................. 500
    ============================================
    TA

    TA,
    Mobility and mobility groups are used for the wireless users roaming. What we know that a wireless users can roam between different APs within the same WLC, but when the SSID is used within multiple WLCs, and the client wanted to roam to an AP joined to another WLC, you would need to configure WLC mobility to maintain seamless roaming. For more info:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001101.html
    Now, I understand that your purpose is to have high availability for your APs. No this is done traditionally from the AP page, under HA tab, where you configure the WLCs names and IPs there. This can be done manually on each AP (you can use CLI to make it easier) or you can push a configuration template using a management server (WCS/NCS/CPI).
    Configuring HA on the AP:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110000.html
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110001.html
    Using CPI to push AP configuration templates:
    http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/2-0/configuration/guide/pi_20_cg/temp.html
    Now mobility may play a role in this, as if you have already configured mobility for your WLCs, then you won't need to configure a "name" for the WLCs when you add them under the HA tab in AP configuration page. That's it.
    BR, Ala

  • N+1 5508 WLC failover test

    Good day all,
    I have a question about the N+1 5508 failover test:
    Should I shutdown one of the primary WLC to test failover?
    I just setup the N+1 bakcup WLC (5508). B
    Based on: http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide.pdf
    We have two production WLCs both 5508 and one 4405.
    We just purchased another HA-SKU WLC 5508.
    All our four WLCs had been setup into one mobility group in version 7.4.100.6.
    Their neighbors are all up.
    But our test AP could not register to the Backup N+1 WLC. ( We are using option 43 in our DHCP server for all the AP boot.)
    Here are the log screen:
    ================ From test Access Point============
    *Mar  1 00:00:53.099: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
    *Mar  1 00:00:53.842: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.255.1.3, mask 255.255.255.0, hostname wo11-test-ap1
    *Mar  1 00:00:54.188: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:55.188: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:55.279: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:00:56.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:03.820: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.254.240.5 obtained through DHCP
    *Mar  1 00:01:03.820: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Mar  1 00:01:13.823: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.5 peer_port: 5246
    *Aug  2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
    *Aug  2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.254.240.5:5246
    *Aug  2 02:31:55.001: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Aug  2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.23 peer_port: 5246
    *Aug  2 02:30:55.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.254.240.23 peer_port: 5246
    *Aug  2 02:30:55.493: %CAPWAP-5-SENDJOIN: sending Join Request to 10.254.240.23
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Aug  2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.254.240.23
    *Aug  2 02:30:55.874: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Aug  2 02:30:55.931: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Aug  2 02:30:55.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WG-WLC1
    *Aug  2 02:30:56.041: ac_first_hop_mac - IP:10.255.1.1 Hop IP:10.255.1.1 IDB:BVI1
    *Aug  2 02:30:56.041: Setting AC first hop MAC: ccef.481f.14bf
    -test-ap1#sh int bvI 1
    BVI1 is up, line protocol is up
      Hardware is BVI, address is e8b7.489e.4645 (bia e8b7.489e.4645)
      Internet address is 10.255.1.3/24
    ===================From backup N+1 WLC===
    *spamApTask4: Aug 02 11:41:09.842: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:41:01.889: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:40:57.912: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:40:55.924: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58470).
    *spamApTask4: Aug 02 11:18:50.553: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:42.600: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:38.623: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *spamApTask4: Aug 02 11:18:36.636: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP  10:255:1:3 (58469).
    *mmListen: Aug 02 10:43:38.637: #LOG-3-Q_IND: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
    *spamApTask0: Aug 02 10:43:38.500: #LWAPP-3-DISC_MAX_DOWNLOAD: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
    ==================== From one of our Primary WLC=====================
    (WLC-5500) >show advanced backup-controller
    AP primary Backup Controller .................... ODC-WLC1 10.254.240.5
    AP secondary Backup Controller ..................  0.0.0.0
    (WLC-5500) >show redundancy summary
    Redundancy Mode = SSO DISABLED
         Local State = ACTIVE
          Peer State = N/A
                Unit = Primary
             Unit ID = 54:75:D0:DE:DE:40
    Redundancy State = N/A
        Mobility MAC = 54:75:D0:DE:DE:40
    Redundancy Management IP Address................. 0.0.0.0
    Peer Redundancy Management IP Address............ 0.0.0.0  
    Redundancy Port IP Address....................... 0.0.0.0
    Peer Redundancy Port IP Address.................. 169.254.0.0
    (WLC-5500) >show license capacity
    Licensed Feature    Max Count         Current Count     Remaining Count
    AP Count            250               203               47
    ==============From the Backup N+1 WLC in DR =====================
    (Cisco Controller) >show redundancy summary
    Redundancy Mode = SSO DISABLED
         Local State = ACTIVE
          Peer State = N/A
                Unit = Secondary - HA SKU
             Unit ID = 6C:41:6A:5F:4C:80
    Redundancy State = N/A
        Mobility MAC = 6C:41:6A:5F:4C:80
    Redundancy Management IP Address................. 10.254.240.3
    Peer Redundancy Management IP Address............ 0.0.0.0
    Redundancy Port IP Address....................... 169.254.240.3
    Peer Redundancy Port IP Address.................. 169.254.0.0
    (Cisco Controller) >show license capacity
    Licensed Feature    Max Count         Current Count     Remaining Count
    AP Count            500               0                 500

    Current AP High Availability Configuration:
    2nd Step, shutdown the LAN Switch ports on which the Primary WLC is connected so I force the AP going to HA SKU WLC.
    DC-WiFi-SVC1-LAB(config)#inter
    DC-WiFi-SVC1-LAB(config)#interface por
    DC-WiFi-SVC1-LAB(config)#interface port-
    DC-WiFi-SVC1-LAB(config)#interface port-channel 3
    DC-WiFi-SVC1-LAB(config-if)#shut
    DC-WiFi-SVC1-LAB(config-if)#
    Log in the AP after shutdown:
    Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 2)
    *Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 2)
    *Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 3)
    *Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 4)
    *Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 7)
    *Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
    *Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
    ., 8)
    *Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Jan 15 15:52:45.307: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.23.111.23:5246
    *Jan 15 15:52:45.371: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
    *Jan 15 15:52:45.371: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
    *Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Jan 15 15:52:45.395: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:46.015: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:46.383: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:46.423: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:46.431: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 0 down
    *Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 1 down
    *Jan 15 15:52:47.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:47.423: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:47.451: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:47.459: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:47.467: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:48.451: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:48.459: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:48.487: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:49.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Selected MWAR 'DC-WiFi-WLC1-0'(index 1).
    *Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Jan 15 15:52:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.23.111.20 peer_port: 5246
    *Jan 15 15:52:44.467: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.23.111.20 peer_port: 5246
    *Jan 15 15:52:44.471: %CAPWAP-5-SENDJOIN: sending Join Request to 172.23.111.20
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 172.23.111.20
    *Jan 15 15:52:44.927: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:44.995: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:45.003: ac_first_hop_mac - IP:10.219.96.1 Hop IP:10.219.96.1 IDB:BVI1
    *Jan 15 15:52:45.007: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
    *Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    *Jan 15 15:52:45.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:45.971: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:45.979: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Jan 15 15:52:46.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Jan 15 15:52:46.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:46.999: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5520 MHz for 60 seconds.
    *Jan 15 15:52:47.003: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:47.015: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:47.023: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Jan 15 15:52:48.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Jan 15 15:52:48.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Jan 15 15:52:48.047: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Jan 15 15:52:49.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    APe4d3.f11e.a8e1#         
    3rd Step, verifying the LOG on the AP and check if it can connect to the HA SKU WLC
    *Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
    *Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    CONCLUSION:
    I needed to activate the EVALUATION LICENSE in the HA SKU WLC which had status = EULA NOT ACCEPTED. I will test the SSID's in order to confirm that redundancy using HA SKU WLC works fine.

  • HA SKU configuration - N+1

    Hi all,
    In my environment i have 3 cisco 5508 controller with release 7.6 . Two controllers are configured as primary and the third controller is configured as a secondary ha-sku, do not have to configure the peer between primary and secondary, but the redundancy is ensured by the functionality of the backup contoller, right?
    just configure on the primary the backup controller feature and just convert the backup on HA secondary.
    can anyone confirm what I said?

    If I understand your query....
    two WLC are configured as primary WLC for some AP. You have a HA-SKU WLC that is also configured separately. 
    If that is correct, no you do not have to do the RP configuration and link the WLC. You simply need to define the HA-SKU as the secondary for your APs.
    HTH,
    Steve

  • HA SKU N+1 Configuration

    I have a 5508 configured as HA SKU to support a failover up to 500AP's.  My question is around configuring the primary controllers to failover to the HA controller as a backup.  I had planned on configuring this under the AP configuration pointing to the HA controller as the secondary controller for each AP.
    I also see the command that you can issue the following command from the primary controller- config advanced backup-controller primary backup_controller_name backup_controller_IP_address
    How is this different than specifying the HA controller as the secondary controller under the AP configuration?

    If your "fail over" is AP SSO, then configuring primary/secondary controller on the AP is useless. 
    With AP SSO, fail over to the 2nd WLC is "sub-second" while primary/secondary controller is about 6 seconds.

  • Difference between N+1 HA model and traditional secondary/Tertiary Cisco 5508 Model.

    Hi Team
    we are going to implement N+1 HA cisco WLC high availability for that we have procured one WLC 5508.
    However i am not able to find out difference between N+1 and secondary WLC configured under each AP in wireless tab ?
    As per my understanding both are giving the same functionality. Can you please highlight any difference ?
    Thanks....

    Hi Scott
    Thanks a lot for the information .This is very useful.However i need one small clarification..
    There are three redundancy model..
    1+1  where you need one WLC acts HA SKU
    N+1 Where one WLC is backup for all N WLC
    Third and last one is , where we mention the secondary and tertiary WLC under wireless tab.
    So i want to know the difference between second and third option.
    Thanks

  • 7.4 HA-SKU with N+1 Design

    Hello all,
    I was just reviewing the config guide for 7.3 and HA-SSO and then I found out that with 7.4 it allows for an N+1 scenario.
    http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps10315/qa_c67-714540_ps2706_Products_Q_and_A_Item.html
    So my understanding of this is that instead of having say 3 controllers, and each one having a HA-SKU physically attached to it via the Redundancy Port (for a total of 6 WLC), that I can now save some money, and have 3 controllers, and a single HA-SKU controller in place to provide HA redundancy for each (one at a time).
    This obviously is no longer using the RP port, and I'm having some trouble finding a config guide for this new 7.4 feature.
    Does anyone know the requirements/limitations of how to set this up? Or know a link that I can read up on.
    I'm assuming that a base requirement is that all of the active controllers need to be identical config wise and software/hardware (minus IP address etc.).
    Thanks

    When you do N+1 with v7.4 you lose the ability to do AP SSO (comes in a later release) and you also will never get the ability to do Client SSO (that's the current stance anyway).
    You configure your "N" controllers however you want, and you also have to manually configure the "+1" to exhibit whatever config you want too.  The +1 will accept APs up to its hardware limit (500 for 5508 / 1000 for WiSM2 / 6000 for 8510) and it will work just like any other WLC, but it will start nagging you to fix your network after 90 days of an AP being associated.
    Config / functionality details here;
    http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide.html

  • WLC 5508 7.4.X - N+1

    Hi,
    I don't undestand this document
    http://www.cisco.com/c/en/us/td/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide/N1_HA_Overview.html
    How can the third 5508 (suport max 500 AP) backup all other WLC ? n+1 how ?
    With secondary wlc configured in HA-SKU (without AP SSO) the 500 licenze are permanent ?
    who can explain me.. this is a document bug ??

    What they're describing is HA N+1, not HA 1:1 AP SSO.  This option, which is "NON-AP-SSO", allows you to use an HA-SKU or > -50-k9 SKU coverted, to operate as a dedicated +1 WLC in HA.  When using this configuration, this WLC allows the use of the "hardware maximum" of the device: Thus 500 APs for WLC 5508, or 1000APs for a WISM2 (as an example).  Since this WLC can wait as a backup to multiple WLCs, that's why it's not capable of the AP SSO, which requires a 1:1 pairing of the HA WLC with an Active HA WLC.
    When using the HA N+1 the WLC acts the same as the pre AP-SSO "HA" concept; where you had Primary, Secondary Tertiary configs on your APs (which you may still have).  All it is saying is that the N+1 HA WLC can act as one of these Secondary/Tertiary WLCs, much like a WLC you had licenesed for 250 or 500 APs could do previously.
    In the past you would use, lets say a 250 WLC AP as this backup WLC.  Many people were frustrated that they had to have a $60,000 WLC just sitting there "waiting for something to fail".  But that's what it did.  If a WLC failed, lets say one with 100 APs, this backup WLC would take on the APs and use 100 of it's 250 AP license count.  If additional WLCs failed, the process continued until this backup WLC was filled.
    The idea of using the HA-SKU in an N+1 is that while yes, you don't get the 1:1 AP SSO configuration, you are getting more bang for your buck in that this WLC can sit as a backup (as it did in the past) but it can accept up to the maximum it's hardware can handle in terms of AP count, not only what it was permanently licensed for.  Rather than spending $100,00 on a 500 AP count WLC to backup your 2x250 AP count WLCs, why not look at a $50,000 HA-SKU that can "handle" up to 500 APs.
    So given this scenario, this WLC is "backuping up all other WLCs" for whom it is a Secondary/Tertiary WLC backup.
    As far as the HA-SKU "licenese", it's not "permanent" per se.  With an HA SKU in N+1 you have a 90 day timer which will then "nag you" (via console) that this HA WLC is not truly intended to permanently house these APs.  The idea is that if the Primary WLC failed, you would get it back online and then move your APs back to where they belong and return the HA N+1 WLC back to 0 APs.

  • WLC 5508 in HA pair (7.4.121.0) sudden reload

    I have a pair of WLC 5508 in HA pair running version 7.4.121.0, last week I have two sudden reload on my active WLC. Here's the error from my syslog server on the first sudden reload. The second reload has almost the same logs.
    10.x.x.234 - active
    10.x.x.237 - standby
    2014-01-30 17:52:20 Local0.Error 10.x.x.237 WLC-HA01: *rmgrMain: Jan 30 17:52:24.498: #RMGR-3-RED_HEARTBEAT_TMOUT: rmgr_main.c:242 rmgrTmoHeartbeat: Recved GW ping count 6 phyMgr ping count 0.
    2014-01-30 17:52:20 Local0.Emerg 10.x.x.237 WLC-HA01: *rmgrMain: Jan 30 17:52:24.555: #RMGR-0-RED_HA_RELOAD: rmgr_utils.c:198 System reboot: reason: category Sanity check object Self
    2014-01-30 17:52:21 Local0.Emerg 10.x.x.234 WLC-HA01: *rmgrMain: Jan 30 17:52:24.989: #RMGR-0-RED_HA_RELOAD: rmgr_utils.c:188 System reboot: reason: category Peer reload req object Peer
    2014-01-30 17:52:21 Local0.Alert 10.x.x.234 WLC-HA01: *dtlArpTask: Jan 30 17:52:25.106: #DTL-1-IP_CONFLICT_DETECTED: dtl_net.c:4857 Network device with mac addr 7c:ad:74:8d:6b:0f using IP address of local interface
    Cisco TAC recommends to disable monitoring the default gateway.
    --> config redundancy management-gateway-failover disable
    I was wondering if someone has the issue with what I have.
    Second issue I have is when it fails over to the standby WLC, I do get a web-auth certificate error from the WLC when clients login. This only happens after a sudden reload. If I do a redundancy force-switchover during maintenance window, the certificate error doesn't show up. To fix the certificate error I have to bounce both WLCs one after the other.
    Thanks in advance.

    Hi,
    I exeprienced a reload problem in standby WLC, with HA in release 7.6.100.0.
    I use a dedicated VLAN to transport the redundancy sync and info, 'cause the two WLCs are in different buildings.
    The standby WLC reload continuously 'cause it doesn,t find the default gateway.
    (Cisco Controller-Standby) >show redundancy summary
                Redundancy Mode = SSO ENABLED
                    Local State = STANDBY HOT
                     Peer State = ACTIVE
                           Unit = Secondary - HA SKU (Inherited AP License Count = 500)
                        Unit ID = 00:06:F6:DB:E3:E0
               Redundancy State = SSO (Both AP and Client SSO)
                   Mobility MAC = 58:8D:09:CD:81:C0
    Management Gateway Failover = ENABLED (Management GW failover would be operational in few moments)
    Average Redundancy Peer Reachability Latency = 621 usecs
    Average Management Gateway Reachability Latency = 0 usecs
    Redundancy Management IP Address................. 40.231.36.6
    Peer Redundancy Management IP Address............ 40.231.36.5
    Redundancy Port IP Address....................... 169.254.36.6
    Peer Redundancy Port IP Address.................. 169.254.36.5
    Rebooting as default GW is not reachable from Standby Controller
    Restarting system. Reason: Default Gateway is not reachable ..
    The problem is that the WLC tries to ping the DGW using the primary IP management address belonging to the active WLC, so we have duplicated IP problem, ARP problem and so on .....
    The standby WLC should use the redundancy managemet address to ping the default gateway, instead the primary IP management address!!!!!!
    So the workaround is the CLI command :
    config redundancy management-gateway-failover disable
    on the primary WLC, via console or in SSH.
    When the standby will reload it will inherit the config from the active primary WLC
    (Cisco Controller-Standby) >show redundancy summary   
                Redundancy Mode = SSO ENABLED
                    Local State = STANDBY HOT
                     Peer State = ACTIVE
                           Unit = Secondary - HA SKU (Inherited AP License Count = 500)
                        Unit ID = 00:06:F6:DB:E3:E0
               Redundancy State = SSO (Both AP and Client SSO)
                   Mobility MAC = 58:8D:09:CD:81:C0
    Management Gateway Failover = ENABLED (Management GW failover is disabled as it is DISABLED on the Peer)
    Average Redundancy Peer Reachability Latency = 666 usecs
    Average Management Gateway Reachability Latency = 0 usecs
    Redundancy Management IP Address................. 40.231.36.6
    Peer Redundancy Management IP Address............ 40.231.36.5
    Redundancy Port IP Address....................... 169.254.36.6
    Peer Redundancy Port IP Address.................. 169.254.36.5
    The workaround works in my experience.

Maybe you are looking for

  • Random Corruption Message...

    I would turn on my MBP (with the iPod connected) and everything with load perfectly; iTunes would open and detect my iPod flawlessly. However, while my computer would be on randomly a corruption message would come up and my iPod would be disconnected

  • Compare the current value with the previous value in the same column

    Hi all, I have to include a statement in a query which allows to compare the current value of column A with the previous value of column A (same column). from there, I need to add a condition in order to have the expected result. Let's take an exampl

  • New computer files transfer

    Just bought a new macbook and wanting to transfer files from an imac (which has OX10.2.8) using firewire cord. When I have the imac set up as an external drive (icon showing) I get a message on the macbook saying that the imac does not have OS X (whi

  • Stuck key on my Blackberry

    the #5 key is stuck ~ what can I do?j

  • My iCal responds with an error.

    My iCal is constantly reporting an error.  It says, The server responded with an error.  The request for account ATT failed.  The server responded "502" to operation CalDAVAccountRefreshQueableOperation.  Help!!  how do I fix this????