Configure Catalyst 9800 Wireless Controllers in High Availability (HA) Client Stateful Switch Over (SSO)
Contents
Introduction
Background information
Restrictions
Prerequisites
Requirements
Components Used
Configure HA on 9800 WLC Hardware Based
Network Diagram
Configurations
Configure HA on virtual 9800 WLCs
Network Diagram
Configurations
Set Up the Virtual Redundancy Network
Set HA Configuration
Enable Console Access to Standby 9800 WLC
Force Switchover
Break HA
Clear HA Configuration in Both 9800 WLCs
Peer Timeout Configuration
Verify
Troubleshoot
Introduction
This document describes how to configure a pair of 9800 WLCs (either hardware or virtual based) in HA SSO.
Background information
The redundancy explained in this document is 1:1, which means that one of the boxes is in Active state while the other one is in Hot Standby. If the active box is detected to be unreachable, the Hot Standby unit becomes Active and all the APs and clients keep their service through the new active box.
Once both boxes are synchronized with each other, the standby 9800 WLC mirrors the configuration of the primary box. Any configuration change made on the active unit is replicated to the standby unit via the Redundancy Port (RP).
Configuration changes are no longer allowed on the standby 9800 WLC.
Besides synchronizing the configuration, the boxes also synchronize the APs in UP state (not APs in downloading state or APs in DTLS handshaking), clients in RUN state (this means that if a client is in Web Authentication required state when a switchover occurs, that client has to restart its association process), and the RRM configuration, along with other settings.
Restrictions
Prior to enabling HA between two 9800 WLCs, ensure that you perform these validations:
● Both devices must be of the same PID. In case of 9800-CL, ensure the hosting environment (ESXi or KVM or ENCS) is the same for both instances.
● Both devices must run the same version of software.
● Both devices must be running in the same Installation Mode (either Bundle or Install).
● Both devices should have redundant IPs in the same subnet. The IP address used for redundancy should be L2 unroutable.
● Both devices must have their own wireless management interface.
● The wireless management interfaces of both devices must belong to the same VLAN/subnet.
● In case of 9800-CL, verify that the same CPU, memory and hard disk resources are allocated to both instances. Verify that VM snapshot is disabled for both instances.
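The validations listed above can be run as a pre-check before pairing. This is an added example, not part of the original document or Cisco tooling: the fact dictionaries, their field names and all sample values are constructed, and you would fill them from your own inventory of each unit.

```python
import ipaddress

# Fields that must be identical on both units (from the Restrictions list).
MUST_MATCH = ("pid", "version", "install_mode", "wmi_vlan")
# Extra parity fields that apply to the virtual 9800-CL only.
CL_MUST_MATCH = ("hypervisor", "vcpu", "memory_gb", "disk_gb")

def check_ha_pair(a, b):
    """Return the list of restriction violations for two WLC fact dicts."""
    problems = []
    virtual = a.get("virtual") or b.get("virtual")
    for field in MUST_MATCH + (CL_MUST_MATCH if virtual else ()):
        if a.get(field) != b.get(field):
            problems.append(f"{field} differs: {a.get(field)!r} vs {b.get(field)!r}")
    # Each unit needs its own address, and both must share one subnet.
    for field in ("rp_ip", "wmi_ip"):
        ia, ib = ipaddress.ip_interface(a[field]), ipaddress.ip_interface(b[field])
        if ia.network != ib.network:
            problems.append(f"{field}: different subnets ({ia.network} vs {ib.network})")
        elif ia.ip == ib.ip:
            problems.append(f"{field}: both units use {ia.ip}")
    if virtual:
        problems += [f"VM snapshot enabled on {u['name']}"
                     for u in (a, b) if u.get("snapshot_enabled")]
    return problems

# Constructed sample facts (hypothetical values, not from a real device).
WLC1 = dict(name="wlc-1", virtual=True, pid="9800-CL", version="16.10",
            install_mode="INSTALL", wmi_vlan=10, hypervisor="ESXi", vcpu=4,
            memory_gb=8, disk_gb=16, snapshot_enabled=False,
            rp_ip="192.0.2.1/24", wmi_ip="198.51.100.11/24")
WLC2_OK = dict(WLC1, name="wlc-2", rp_ip="192.0.2.2/24", wmi_ip="198.51.100.12/24")
WLC2_BAD = dict(WLC2_OK, install_mode="BUNDLE", snapshot_enabled=True,
                wmi_ip="198.51.101.12/24")

if __name__ == "__main__":
    for peer in (WLC2_OK, WLC2_BAD):
        print(peer["name"], check_ha_pair(WLC1, peer) or "ready for HA pairing")
```

The check cannot confirm that the redundancy subnet is L2 unroutable; that still has to be verified on the switching side.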
Prerequisites
Requirements
Before you attempt this configuration, Cisco recommends that you have knowledge of 9800 WLC basic operation.
Components Used
The information in this document is based on these software and hardware versions:
● Virtual 9800-CL WLC v16.10
● 9800-40 WLC v16.10
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Configure HA on 9800 WLC Hardware Based
Network Diagram
This document is based on this topology:
Configurations
Redundancy SSO is enabled by default but you still need to configure the communication between the boxes.
Before configuring any step, ensure both boxes are running the same version.
Step 1. Connect both 9800 WLCs to the network and ensure they are reachable from each other.
The wireless management interfaces of both boxes must belong to the same VLAN and subnet.
Step 2. Connect both 9800 WLCs to each other through their RP ports.
There are two options to connect both 9800 WLCs to each other; choose the one that fits you best.
● RP - RJ45 10/100/1000 redundancy Ethernet port
● RP - 10-GE SFP port
Note: In IOS-XE 16.10 to 16.12, it is recommended to connect the 9800's Redundancy Port to the same switch where the management connection of the 9800 is connected. This is because there is no verification of gateway reachability yet in these versions. Connecting back-to-back works, but carries a higher chance of the 9800 controllers becoming active-active.
Step 3. Assign the redundancy IP address to both 9800 WLCs.
GUI:
Navigate to Administration > Device > Redundancy. Uncheck Clear Redundancy Config and enter the desired IP address. Each box should have its own IP address and both addresses should belong to the same subnet.
To manually specify which box must be the active 9800 WLC, set the Chassis priority either by GUI or CLI. The chassis with the higher priority is selected as primary.
GUI:
CLI:
16.10
# chassis 1 priority <1-15>
16.11
# chassis 1 priority <1-2>
If you do not choose a specific box to be active, the boxes themselves will elect Active based on lowest MAC address.
You can verify the current configuration with this command:
Step 1. Open your vCenter client and navigate to Host > Configuration > Networking > Add Networking...
Step 2. Select Virtual Machine and click Next.
Step 3. Select Create a vSphere standard switch and click Next.
Step 4. Optionally customize the Network Label parameter. After that click Next.
Step 5. Finish the wizard.
Step 6. Link an interface from both virtual 9800 WLCs (one from every virtual 9800 WLC) to the Redundancy Network.
Right click the virtual 9800 WLC and click Edit Settings...
Select one of the network adapters available and assign it to the Redundancy Network, after that click OK.
Do the same for both machines.
Set HA Configuration
Before performing any further configuration, ensure that the wireless management interfaces of both boxes belong to the same VLAN and subnet and are reachable from each other. Also verify that both boxes are running the same version.
Step 1. Assign the redundancy IP address to both 9800 WLCs.
GUI:
Navigate to Administration > Device > Redundancy. Uncheck Clear Redundancy Config and enter the desired IP address. Each box should have its own IP address and both addresses should belong to the same subnet.
9800 WLC-1
9800 WLC-2
Note: GigabitEthernet3 was selected as the HA interface because the third interface of the virtual machine is the one associated with the Redundancy Network. This interface is used to enable communication between the two boxes before IOSd boots up, to transport HA control messages (such as role selection, keep-alives and so on), and to provide the transport for Interprocess Communication (IPC) between the two boxes.
Note: Once you have selected the GigabitEthernet 3 interface to be used for HA, after you reboot the box (even if HA is not built between two 9800 WLCs) you no longer see this interface listed in the output of show ip interface brief or any other command that shows the 9800 WLC's interfaces, because that interface is now marked for HA only.
Step 2. (Optional) To manually specify which box must be the active 9800 WLC, set the Active Chassis Priority either by GUI or CLI. The chassis with the higher priority is selected as primary.
GUI:
CLI:
# chassis 1 priority <1-15>
If you do not specify a box to be active, the boxes themselves choose which one is the primary active 9800 WLC.
Enable Console Access to Standby 9800 WLC
Once you enable HA and one of the boxes is assigned as active and the other one as standby hot, by default you are not allowed to reach exec mode (enable) on the standby box. To enable it, log in by SSH/console to the active 9800 WLC and enter these commands:
# config t
# redundancy
# main-cpu
# standby console enable
# end
Force Switchover
If you want to force a switchover between boxes, you can either manually reboot the active 9800 WLC or run this command:
# redundancy force-switchover
Break HA
Clear HA Configuration in Both 9800 WLCs
In order to break HA on both boxes you can perform these steps.
Step 1. Clear the HA configuration of the current active 9800 WLC and force a redundancy switchover. (This reboots the current active 9800 WLC, which boots back up with its HA configuration cleared.)
16.10:
Active-9800 WLC# chassis clear
WARNING: Clearing the chassis HA configuration will resultin the chassis coming up in Stand
Alone mode after reboot.The HA configuration will remain the same on other chassis. Do you wish
to continue? [y/n]? [yes]: y
Active-9800 WLC# redundancy force-switchover
16.11
Active-9800 WLC# clear chassis redundancy
Step 2. Once the standby 9800 WLC becomes active, log in to it and clear the redundancy configuration.
new-Acitve-9800 WLC# chassis clear
WARNING: Clearing the chassis HA configuration will resultin the chassis coming up in Stand
Alone mode after reboot.The HA configuration will remain the same on other chassis. Do you wish
to continue? [y/n]? [yes]: y
Step 3. Update the IP address of the new active 9800 WLC. Optionally you can also update its hostname.
new-Acitve-9800 WLC# config t
new-Acitve-9800 WLC# hostname <new-hostname>
new-Acitve-9800 WLC# interface <wireless-mgmt-int-id>
new-Acitve-9800 WLC# ip address <a.b.c.d> <a.b.c.d>
new-Acitve-9800 WLC# exit
Step 4. Save the configuration and reload the new Active 9800 WLC.
new-Acitve-9800 WLC# write
new-Acitve-9800 WLC# reload
After that, the second box reboots and comes back with the new IP address configuration (to avoid IP address duplication with the former HA 9800 WLC) and with the HA configuration cleared. The original active 9800 WLC keeps its original IP address.
Peer Timeout Configuration
The active and standby chassis send keepalive messages to each other to ensure both are still available. The peer timeout is used to determine that the peer chassis is lost if no keepalive message is received from it within the configured peer timeout.
The default timeout is 500 ms but is configurable through CLI. The configured timeout value syncs to the standby 9800 WLC.
Use this command to customize this timer:
# chassis timer peer-timeout <500-16000 msec>
If you need to clear the configured timer you can use this command:
# chassis timer peer-timeout default
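To see how a given peer-timeout value behaves before you configure it, you can replay keepalive arrival times against candidate values. This is an added example, not code from the original document: it uses a simplified model in which the timer restarts on every keepalive received, and the 100 ms keepalive interval and both traces are constructed assumptions.

```python
PEER_TIMEOUT_RANGE_MS = (500, 16000)  # range accepted by the CLI command above

def peer_lost_at(rx_ms, timeout_ms, until_ms):
    """Time (ms) at which the peer is declared lost, or None if it never is.

    rx_ms: sorted arrival times of keepalives from the peer, in ms.
    until_ms: end of the observation window.
    Simplified model: the timer restarts on every keepalive received.
    """
    lo, hi = PEER_TIMEOUT_RANGE_MS
    if not lo <= timeout_ms <= hi:
        raise ValueError(f"peer-timeout {timeout_ms} outside {lo}-{hi} msec")
    last = rx_ms[0] if rx_ms else 0
    for t in list(rx_ms[1:]) + [until_ms]:
        if t - last > timeout_ms:
            return last + timeout_ms  # timer expired before the next keepalive
        last = t
    return None

def compare_timeouts(rx_ms, until_ms, candidates_ms):
    """Replay one keepalive trace against several candidate timer values."""
    return {c: peer_lost_at(rx_ms, c, until_ms) for c in candidates_ms}

# Constructed traces (hypothetical 100 ms keepalive interval).
# STALL: keepalives pause for 800 ms, then resume. DEAD: peer stops at t=1000.
STALL = list(range(0, 1001, 100)) + list(range(1800, 3001, 100))
DEAD = list(range(0, 1001, 100))

if __name__ == "__main__":
    print("stall:", compare_timeouts(STALL, 3000, [500, 1000]))
    print("dead: ", compare_timeouts(DEAD, 5000, [500, 1000]))
```

In the stalled trace the default 500 ms value declares the peer lost even though it is still alive, while 1000 ms rides through the gap at the cost of detecting a real failure 500 ms later.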
Verify
Once both 9800 WLCs have rebooted and are synced to each other, you can console into them and verify their current state with these commands:
9800 WLC-1# show chassis
Chassis/Stack Mac Address : 00a3.8e23.a240 - Local Mac Address
Mac persistency wait time: Indefinite
Local Redundancy Port Type: Twisted Pair
H/W Current
Chassis# Role Mac Address Priority Version State IP