Hi, I would like to know how to connect WLC 9800 HA pair when RP is not back to back I mean RP port will be connected to VSS switch and they are in different rooms. My doubt is how I have to configure switch port to allow controller see each other and establish the HA.
generally in this scenario you need to create a dedicated VLAN for the RP connection/ Configure your switch port as access in this vlan and physically connect this port to RP. The vlan does not need to be unique in your environment but it is better to not use it anywhere else.
To be honest I don't know right now. Can do soem research and come back. However channel 36 usage is allowed and 64 in UNI-II but you can use DFS feature and pretty much use these channels.. curious what is your use case ?
hello SDN, i have a question, when my active controller (.71) turn down my standby(.72) becomes a active, and it takes the IP adress from the 1st active (.71) . But when i turn on my 1st active (.71) it stay like N/A, it doesnt appear anything in the interface web, only appear like a device without mac address and the my active dont become a standy again ...which trouble do you think i have with my conf? thank you
I am so glad that you asked... you should be looking at RMI feature, that is my next video but here is the Cisco documentation - www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-1/config-guide/b_wl_17_11_cg/b_wl_16_12_cg_chapter_01111111.html
Can you create SSO HA pair after configs exist on Primary controller? Or, must build HA pair prior to applying any configs? Ie; let's say you start with a single controller, and later decide to purchase another for SSO?
Hi @sdntechforum, I have a pair of c9800 in sso redundancy. I need to change the hostname. Do i have to break the sso to change the hostname of the secondary? Or a hostname command in the cli of the primary is enough as the hostname of the secondary doesnt seem to appear anywhere after redundancy is configured. And if i do break the sso will i be able to access the secondary wlc using the original mgmt ip. The hostname change is just to conform to the company standards..
Thanks for the question. VIP is floating ip between Primary and Secondary. When Configured on secondary remote ip will become Local IP hence order is reversed.
In HA, should the management interface for both device be the same? what if the primary goes down. we need to access the secondary with a different IP?
If both are setup in HA pair, the primary management IP you set will be the management IP for both controllers to be accessed when one becomes active. However, if you are running RMI+IP, you need 3 IPs. 1) for primary management IP which will be used on both controllers when either one becomes active (x.x.x.9) 2) for the primary controller's secondary redundancy access (x.x.x.10) and 3) an IP for the secondary controller's redundancy access (x.x.x.11). When you configure RMI+IP, it sets both redundancy IPs for the primary and secondary controllers. You'll see the redundancy IPs under your assigned management vlan. For example, if your management vlan is 2000 and you configured RMI+IP, if you do a show run int vlan 2000, you'll see another IP with the word secondary at the end of it. That was configured when you did _redun-management interface vlan2000 chassis 1 address x.x.x.10 chassis 2 address x.x.x.11._ This is your redundancy IPs for both controllers. I hope this helped make sense 6 months later.
Hi SDN, I would like to verify some config you made in Administration tab when you enable the HA of the controllers. Which IP Address should I encode for the Local IP and Remote IP? Because it is different from the IP addresses of your controllers. Can you clarify this? Thank you and appreciate your response and more power to you.
@@SDNTechForum Hello SDN, very nice content. by the way, do you have available this base config for primary and secondary 9800 that you can share ? thanks in advance,
Hi ,I am connecting RP port back to back and code is 16.12 and I am not able to get success in HA..any idea what I am missing here ? I have followed same steps .I am running vss in distro switch and connecting each wlc with each vss switch and created two port channel one for each wlc for ex po1 and po2 .Could you confirm me if I am doing something wrong here which is not allowing HA to form .Thanks
@@SDNTechForum that was my next step .Thanks ..but in your video your topology is different and you are using only one port channel i.e po3 ..does it make any difference?
For Cisco Catalyst 9800 Wireless LAN Controller (WLC) redundancy, there are different deployment models, but generally, both controllers should be on the same network or at least have network connectivity with each other. This is to ensure that they can communicate for redundancy protocols like Stateful Switchover (SSO) to work correctly. There are two main redundancy models for the Cisco Catalyst 9800 WLC: 1. SSO Redundancy: In this mode, there is an active WLC and a standby WLC. The standby controller continuously synchronizes data and state information with the active controller. Upon a failure of the active WLC, the standby WLC takes over without requiring re-authentication of clients and access points (APs). For SSO to work effectively, both controllers must have direct IP reachability, which typically means they are on the same subnet or network segment to minimize latency and ensure reliable communication. 2. N+1 Redundancy: This is a form of redundancy where 'N' number of WLCs are actively managing APs and clients, and there is one additional WLC acting as a backup for one or more controllers in the event of a failure. In N+1 redundancy, the backup WLC can be on a different network segment, but it should still have network connectivity to the managed APs to take control of them if the primary WLC fail
![ง้อ (ALRIGHT) - FOURTH [ TEASER ]](http://i.ytimg.com/vi/ya6MBfo-Wvg/mqdefault.jpg)
Good job, appreciation
Fantastic
thank you.
Thank you ! :D
Hi, I would like to know how to connect WLC 9800 HA pair when RP is not back to back I mean RP port will be connected to VSS switch and they are in different rooms. My doubt is how I have to configure switch port to allow controller see each other and establish the HA.
generally in this scenario you need to create a dedicated VLAN for the RP connection/ Configure your switch port as access in this vlan and physically connect this port to RP. The vlan does not need to be unique in your environment but it is better to not use it anywhere else.
thanks for the last answer, it helped me , thank you too much
do you know the steps for eliminate chanels 36-64 on the 5Ghz band?
To be honest I don't know right now. Can do soem research and come back. However channel 36 usage is allowed and 64 in UNI-II but you can use DFS feature and pretty much use these channels.. curious what is your use case ?
@@SDNTechForum my client want to get those chanels free cause they have another provider that use for a platform
hello SDN, i have a question, when my active controller (.71) turn down my standby(.72) becomes a active, and it takes the IP adress from the 1st active (.71) . But when i turn on my 1st active (.71) it stay like N/A, it doesnt appear anything in the interface web, only appear like a device without mac address and the my active dont become a standy again ...which trouble do you think i have with my conf? thank you
I am so glad that you asked... you should be looking at RMI feature, that is my next video but here is the Cisco documentation - www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-1/config-guide/b_wl_17_11_cg/b_wl_16_12_cg_chapter_01111111.html
Can you create SSO HA pair after configs exist on Primary controller? Or, must build HA pair prior to applying any configs? Ie; let's say you start with a single controller, and later decide to purchase another for SSO?
Hi @sdntechforum,
I have a pair of c9800 in sso redundancy. I need to change the hostname. Do i have to break the sso to change the hostname of the secondary? Or a hostname command in the cli of the primary is enough as the hostname of the secondary doesnt seem to appear anywhere after redundancy is configured. And if i do break the sso will i be able to access the secondary wlc using the original mgmt ip.
The hostname change is just to conform to the company standards..
What is the virtual ip here ? Also what is local ip and remote ip ? Why it gave in reverse order for secondary ?
Thanks for the question. VIP is floating ip between Primary and Secondary. When Configured on secondary remote ip will become Local IP hence order is reversed.
I have to configured 2 wlc in active active mode. HA on wan link then how I can configure?
In HA, should the management interface for both device be the same? what if the primary goes down. we need to access the secondary with a different IP?
If both are setup in HA pair, the primary management IP you set will be the management IP for both controllers to be accessed when one becomes active. However, if you are running RMI+IP, you need 3 IPs. 1) for primary management IP which will be used on both controllers when either one becomes active (x.x.x.9) 2) for the primary controller's secondary redundancy access (x.x.x.10) and 3) an IP for the secondary controller's redundancy access (x.x.x.11).
When you configure RMI+IP, it sets both redundancy IPs for the primary and secondary controllers. You'll see the redundancy IPs under your assigned management vlan. For example, if your management vlan is 2000 and you configured RMI+IP, if you do a show run int vlan 2000, you'll see another IP with the word secondary at the end of it. That was configured when you did
_redun-management interface vlan2000 chassis 1 address x.x.x.10 chassis 2 address x.x.x.11._ This is your redundancy IPs for both controllers. I hope this helped make sense 6 months later.
Hi SDN, I would like to verify some config you made in Administration tab when you enable the HA of the controllers. Which IP Address should I encode for the Local IP and Remote IP? Because it is different from the IP addresses of your controllers. Can you clarify this? Thank you and appreciate your response and more power to you.
Let me upload the config on my git page and share that with you.
Hi SDN TechForum. follow up on this please
@@SDNTechForum Hello SDN, very nice content. by the way, do you have available this base config for primary and secondary 9800 that you can share ? thanks in advance,
Hi ,I am connecting RP port back to back and code is 16.12 and I am not able to get success in HA..any idea what I am missing here ?
I have followed same steps .I am running vss in distro switch and connecting each wlc with each vss switch and created two port channel one for each wlc for ex po1 and po2 .Could you confirm me if I am doing something wrong here which is not allowing HA to form .Thanks
I do not think you are doing anything wrong there..try upgrading to 17.3.3
@@SDNTechForum that was my next step .Thanks ..but in your video your topology is different and you are using only one port channel i.e po3 ..does it make any difference?
both controller must be in the same net?
For Cisco Catalyst 9800 Wireless LAN Controller (WLC) redundancy, there are different deployment models, but generally, both controllers should be on the same network or at least have network connectivity with each other. This is to ensure that they can communicate for redundancy protocols like Stateful Switchover (SSO) to work correctly.
There are two main redundancy models for the Cisco Catalyst 9800 WLC:
1. SSO Redundancy: In this mode, there is an active WLC and a standby WLC. The standby controller continuously synchronizes data and state information with the active controller. Upon a failure of the active WLC, the standby WLC takes over without requiring re-authentication of clients and access points (APs). For SSO to work effectively, both controllers must have direct IP reachability, which typically means they are on the same subnet or network segment to minimize latency and ensure reliable communication.
2. N+1 Redundancy: This is a form of redundancy where 'N' number of WLCs are actively managing APs and clients, and there is one additional WLC acting as a backup for one or more controllers in the event of a failure. In N+1 redundancy, the backup WLC can be on a different network segment, but it should still have network connectivity to the managed APs to take control of them if the primary WLC fail