Welcome to another one of our blogs on configuring the new Cisco Catalyst 9800 WLC.
This time we are going to take you through configuring 2 x C9800-CLs for redundancy HA SSO.
First here is an overview of my home lab setup:
I currently have 2 x ESXi servers and a C9800CL on each of them – what it is important to point out below here is that I have VLAN 12 configured to use for my L2 redundancy ports between the WLCs.
Interface Gigabit Ethernet 3 will be used for the L2 HA in this setup:
Just want to point out here that at this stage we have 3 x interfaces – Gigabit Ethernet 1 – 3:
I then began the redundancy configuration on both of the WLCs.
On the primary WLC I specified the “local IP” as the IP address I had just set up on VLAN 12 and the remote IP address of the secondary WLC that I had just created on VLAN 12.
HA interface I have used Gigabit Ethernet 3.
I wanted the WLC on the left to be the primary WLC so I set the active chassis priority to higher than the secondary WLC on the right:
After I applied the configuration I then saved the config and reloaded both of the WLCs at the same time, crossed my fingers and prayed to the wireless networking gods! 😀
A few minutes later…
We can see now that the WLCs have rebooted and successfully formed an HA SSO pair. You can now also see a new dropdown on the dashboard to flip between active and standby stats:
Note the G3 interface is gone after forming a HA:
Also note that HA/SSO is required to take advantage of a very nice new featur of the C9800 series WLCs, which is the “always on” feature from its hitless upgrades.
Here is how it works:
- The controller automatically selects groups of APs that can be upgraded, while other nearby APs will still provide coverage to the clients
- RRM is used to determine AP neighbors that can provide redundant client coverage
- The aggressiveness of these groupings is configurable.
- You can have many groups (few APs per group), with very minimal coverage impact, but it will take a long time to complete.
- Or you can have fewer groups (more APs per group) with a greater chance for coverage impact but will complete much more quickly
- The secondary Controller is upgraded to the new software version and rebooted
- The controller uses 802.11v to shuffle clients away from the APs in the first group so that they can be rebooted without impacting the clients
- Clients not supporting 802.11v will get ungracefully kicked off the AP
- The controller moves those APs to the new controller, thus upgrading the AP code when they join
- Once upgraded and controller-joined, clients may join these APs
- The same process is automatically repeated for all successive groups of APs
- Once all APs are moved to the N+1 controller, the code is upgraded on the primary controller and it is rebooted
- Once the primary controller is back online, the APs can optionally be moved back to the primary controller
There you go – that is how you set up and configure your virtual C9800CLs for HA/SSO – hopefully this blog saves you a bit of time if you ever need to do something similar!
PS. Shout out to Ashley Georgeson who helped with this 🙂