IOS-XE WLC HA SSO

This guide explains how to configure High Availability & Stateful Switchover (HA SSO) on the Cisco 9800 WLCs running IOS-XE using Redundancy Management Interfaces (RMI) in addition to the Redundancy Ports (RP).

Introduction

High Availability (HA) with Stateful Switchover (SSO) is a redundancy feature in the Cisco Catalyst 9800 Series WLCs that provides continuous wireless service by ensuring that if the primary WLC fails, a secondary (standby) WLC can take over with minimal disruption. The key to this seamless switchover is the continuous synchronization of the WLCs, allowing the standby controller to immediately pick up where the primary left off.

Pairing of Primary and Standby Controllers: In an HA SSO setup, two WLCs are paired together: one acts as the primary controller, and the other as the standby (secondary) controller. These controllers are connected over a dedicated redundancy link, usually through their RP (Redundancy Port).
Stateful Synchronization: The primary WLC constantly synchronizes its state with the standby WLC. This includes client sessions, AP information, configurations, and ongoing processes. The standby WLC maintains an up-to-date copy of all the information and states necessary to take over immediately if the primary WLC fails.
Failover Process: If the primary WLC fails (due to hardware issues, software crashes, or other failures), the standby WLC automatically detects the failure. The standby WLC then takes over as the active controller, handling all client sessions, APs, and configurations without requiring the clients to reauthenticate or reconnect.
Seamless Transition: Because of the stateful synchronization, the switchover is nearly seamless, with minimal impact on client sessions and network services. Clients and APs experience little to no downtime, and ongoing network operations continue without significant interruption.
Monitoring and Health Checks: The WLCs continuously monitor each other’s health over the redundancy link. If either controller detects a failure, the switchover is triggered. Both WLCs also perform regular health checks on their own systems to ensure they are ready to take over if needed.

Benefits

High Availability: Ensures continuous wireless network service with minimal downtime, even in the event of a controller failure.
Seamless Client Experience: Clients remain connected during a switchover, with no need for reauthentication or reconnection, providing a smooth user experience.
Redundancy: Offers a redundant setup where two controllers are prepared to handle network traffic, enhancing network resilience.
Minimized Impact: The failover process is designed to be fast and transparent, reducing the impact on network performance and operations.
Scalability: HA SSO allows for scalable deployment in critical environments like large campuses, hospitals, or enterprises where network uptime is essential.

The CLI output below shows the default configuration of a C9800 WLAN controller.


show interface status

Port         Name               Status       Vlan       Duplex  Speed Type
Te0/0/0                         notconnect   1            full   auto unknown media type
Te0/0/1                         notconnect   1            full   auto unknown media type
Te0/0/2                         notconnect   1            full   auto unknown media type
Te0/0/3                         notconnect   1            full   auto unknown media type

show running-config

Building configuration...
Current configuration : 9809 bytes
!
! Last configuration change at 12:03:10 UTC Tue May 28 2024
!
version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname WLC
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
no aaa new-model
vtp mode off
vtp version 1
!
!
!
!
!
!
!
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
! 
! 
! 
! 
!
multilink bundle-name authenticated
!
!
!
!
!
diagnostic bootup level minimal
!
!
!
redundancy
 mode sso
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
class-map match-any AVC-Reanchor-Class
 match protocol cisco-jabber-audio
 match protocol cisco-jabber-video
 match protocol webex-media
 match protocol webex-app-sharing
 match protocol webex-control
 match protocol webex-meeting
 match protocol wifi-calling
!
! 
!
!
!
!
!
!
!
!
!
!
!
! 
! 
!
!
interface TenGigabitEthernet0/0/0
 no negotiation auto
!
interface TenGigabitEthernet0/0/1
 no negotiation auto
!
interface TenGigabitEthernet0/0/2
 no negotiation auto
!
interface TenGigabitEthernet0/0/3
 no negotiation auto
!
interface GigabitEthernet0
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
!
ip tftp source-interface GigabitEthernet0
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
 login
 transport input ssh
line vty 5 15
 login
 transport input ssh
!
!
!
!
!
!
wireless aaa policy default-aaa-policy
wireless cts-sxp profile default-sxp-profile
wireless profile airtime-fairness default-atf-policy 0
wireless profile flex default-flex-profile
 description "default flex profile"
wireless profile mesh default-mesh-profile
 description "default mesh profile"
wireless profile multi-bssid default-multi-bssid-profile
 description "Default multi bssid profile"
wireless profile radio default-radio-profile
 description "Preconfigured default radio profile"
wireless profile policy default-policy-profile
 description "default policy profile"
wireless tag site default-site-tag
 description "default site tag"
wireless tag policy default-policy-tag
 description "default policy-tag"
wireless tag rf default-rf-tag
 description "default RF tag"
wireless fabric control-plane default-control-plane
ap dot11 24ghz rf-profile Low_Client_Density_rf_24gh
 coverage data rssi threshold -90
 coverage level 2
 coverage voice rssi threshold -90
 description "pre configured Low Client Density rfprofile for 2.4gh radio"
 high-density rx-sop threshold low
 rate RATE_12M supported
 rate RATE_24M supported
 rate RATE_6M supported
 tx-power v1 threshold -65
 no shutdown
ap dot11 24ghz rf-profile High_Client_Density_rf_24gh
 description "pre configured High Client Density rfprofile for 2.4gh radio"
 high-density rx-sop threshold medium
 rate RATE_11M disable
 rate RATE_12M mandatory
 rate RATE_1M disable
 rate RATE_24M supported
 rate RATE_2M disable
 rate RATE_5_5M disable
 rate RATE_6M disable
 tx-power min 7
 no shutdown
ap dot11 24ghz rf-profile Typical_Client_Density_rf_24gh
 description "pre configured Typical Client Density rfprofile for 2.4gh radio"
 rate RATE_11M disable
 rate RATE_12M mandatory
 rate RATE_1M disable
 rate RATE_24M supported
 rate RATE_2M disable
 rate RATE_5_5M disable
 rate RATE_6M disable
 no shutdown
ap dot11 24ghz rate RATE_12M supported
ap dot11 24ghz rate RATE_24M supported
ap dot11 24ghz rate RATE_6M supported
ap dot11 6ghz rf-profile default-rf-profile-6ghz
 description "default rfprofile for 6GHz radio"
 rate RATE_12M mandatory
 rate RATE_24M mandatory
 rate RATE_6M mandatory
 no shutdown
ap dot11 5ghz rf-profile Low_Client_Density_rf_5gh
 coverage data rssi threshold -90
 coverage level 2
 coverage voice rssi threshold -90
 description "pre configured Low Client Density rfprofile for 5gh radio"
 high-density rx-sop threshold low
 rate RATE_12M mandatory
 rate RATE_24M mandatory
 rate RATE_6M mandatory
 tx-power v1 threshold -60
 no shutdown
ap dot11 5ghz rf-profile High_Client_Density_rf_5gh
 description "pre configured High Client Density rfprofile for 5gh radio"
 high-density rx-sop threshold medium
 rate RATE_12M mandatory
 rate RATE_24M mandatory
 rate RATE_6M disable
 rate RATE_9M disable
 tx-power min 7
 tx-power v1 threshold -65
 no shutdown
ap dot11 5ghz rf-profile Typical_Client_Density_rf_5gh
 description "pre configured Typical Density rfprofile for 5gh radio"
 rate RATE_12M mandatory
 rate RATE_24M mandatory
 rate RATE_6M mandatory
 no shutdown
ap dot11 5ghz rate RATE_12M mandatory
ap dot11 5ghz rate RATE_24M mandatory
ap dot11 5ghz rate RATE_6M mandatory
ap dot11 6ghz rrm monitor measurement 600
ap tag-source-priority 2 source filter
ap tag-source-priority 3 source ap
ap profile default-ap-profile
 description "default ap profile"
trapflags ap crash
trapflags ap noradiocards
trapflags ap register
end

Topology

The following topology has been used for this guide. A layer 3 switch is responsible for the routing between all subnets and it also handles all layer 2 traffic. The WLCs and the AP are connected to the switch. The WLCs are interconnected via the Redundancy Port (RP).

The following configuration has been used on the layer 3 switch.


LABSW01

hostname LABSW01
!
ip routing
!
ip domain name configure-networks.com
ip dhcp excluded-address 172.16.5.1 172.16.5.11
ip dhcp excluded-address 172.16.4.1 172.16.4.11
ip dhcp excluded-address 172.16.3.1 172.16.3.11
!
ip dhcp pool CLIENTS10
 network 172.16.4.0 255.255.255.0
 default-router 172.16.4.1
 dns-server 8.8.8.8
!
ip dhcp pool CLIENTS20
 network 172.16.5.0 255.255.255.0
 default-router 172.16.5.1
 dns-server 8.8.8.8
!
ip dhcp pool WLAN-MGMT
 network 172.16.3.0 255.255.255.0
 default-router 172.16.3.1
 dns-server 8.8.8.8
!
!
vtp mode transparent
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-5 priority 4096
!
!
vlan 2
 name NWMGMT
!
vlan 3
 name WLAN-MGMT
!
vlan 4
 name CLIENTS10
!
vlan 5
 name CLIENTS20
!
!
interface Port-channel1
 description LABWLC1-UPLINK
 switchport trunk allowed vlan 2-5
 switchport mode trunk
 switchport nonegotiate
!
interface Port-channel2
 description LABWLC2-UPLINK
 switchport trunk allowed vlan 2-5
 switchport mode trunk
 switchport nonegotiate
!
!
interface GigabitEthernet1/0/1
 description TO-INTERNET
 switchport trunk allowed vlan 1
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
 description ACCESS-POINT
 switchport access vlan 3
 switchport mode access
 switchport nonegotiate
 device-tracking
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
 description CLIENTS10
 switchport access vlan 4
 switchport mode access
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/4
 description CLIENTS20
 switchport access vlan 5
 switchport mode access
 switchport nonegotiate
 device-tracking
 spanning-tree portfast
 spanning-tree bpduguard enable
!
!
interface TenGigabitEthernet1/1/1
 description LABWLC1-UPLINK
 switchport trunk allowed vlan 2-5
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode active
!
interface TenGigabitEthernet1/1/2
 description LABWLC1-UPLINK
 switchport trunk allowed vlan 2-5
 switchport mode trunk
 switchport nonegotiate
 channel-group 1 mode active
!
interface TenGigabitEthernet1/1/3
 description LABWLC2-UPLINK
 switchport trunk allowed vlan 2-5
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode active
!
interface TenGigabitEthernet1/1/4
 description LABWLC2-UPLINK
 switchport trunk allowed vlan 2-5
 switchport mode trunk
 switchport nonegotiate
 channel-group 2 mode active
!
!
interface Vlan1
 description TO-INTERNET
 ip address 172.16.1.1 255.255.255.0
!
interface Vlan2
 description NWMGMT
 ip address 172.16.2.1 255.255.255.0
!
interface Vlan3
 description WLAN-MGMT
 ip address 172.16.3.1 255.255.255.0
!
interface Vlan4
 description CLIENTS10
 ip address 172.16.4.1 255.255.255.0
!
interface Vlan5
 description CLIENTS20
 ip address 172.16.5.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 172.16.1.254
!
end
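
After a switchover the former standby serves the same VLANs through its own port-channel, so both WLC uplinks on LABSW01 should carry identical switchport settings. The Python check below is an added example, not part of the original guide; it runs on a constructed excerpt of the switch configuration above, and its function names are illustrative.

```python
# Added example; sample_config, parse_interfaces and check_wlc_uplinks are illustrative names.
TRUNK = " switchport trunk allowed vlan {v}\n switchport mode trunk\n switchport nonegotiate\n"

def sample_config(wlc2_vlans="2-5"):
    """Constructed excerpt of the LABSW01 config: both port-channels, one member each."""
    rows = [("Port-channel1", "LABWLC1-UPLINK", "2-5", ""),
            ("Port-channel2", "LABWLC2-UPLINK", wlc2_vlans, ""),
            ("TenGigabitEthernet1/1/1", "LABWLC1-UPLINK", "2-5", " channel-group 1 mode active\n"),
            ("TenGigabitEthernet1/1/3", "LABWLC2-UPLINK", wlc2_vlans, " channel-group 2 mode active\n")]
    return "".join(f"interface {n}\n description {d}\n" + TRUNK.format(v=v) + cg + "!\n"
                   for n, d, v, cg in rows)

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} for each interface stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def check_wlc_uplinks(config, desc_a="LABWLC1-UPLINK", desc_b="LABWLC2-UPLINK"):
    """Return findings where the two WLC uplinks differ in their switchport settings."""
    groups = {desc_a: {}, desc_b: {}}
    for name, cmds in parse_interfaces(config).items():
        for desc, members in groups.items():
            if f"description {desc}" in cmds:
                # description and channel-group differ by design; compare switchport lines only
                members[name] = frozenset(c for c in cmds if c.startswith("switchport"))
    findings = []
    for desc, members in groups.items():
        if not members:
            findings.append(f"{desc}: no interfaces found")
        elif len(set(members.values())) > 1:
            findings.append(f"{desc}: port-channel and members disagree")
    side_a = set().union(*groups[desc_a].values())
    side_b = set().union(*groups[desc_b].values())
    for cmd in sorted(side_a ^ side_b):
        owner = desc_a if cmd in side_a else desc_b
        findings.append(f"only on {owner}: {cmd}")
    return findings

if __name__ == "__main__":
    print(check_wlc_uplinks(sample_config()) or "uplinks are symmetric")
    print(check_wlc_uplinks(sample_config(wlc2_vlans="2-4")))
```

An empty result means both uplinks match; each finding names the side that carries a setting the other lacks.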

Make sure to interconnect both devices via the Redundancy Port (RP).

Primary WLC

WLC#
*Aug 23 05:50:33.011: %STACKMGR-6-STACK_LINK_CHANGE: Chassis 1 R0/0: stack_mgr: Stack port 1 on Chassis 1 is up
*Aug 23 05:50:33.016: %STACKMGR-6-STACK_LINK_CHANGE: Chassis 1 R0/0: stack_mgr: Stack port 2 on Chassis 1 is up

Secondary WLC

WLC#
*Aug 23 05:50:32.200: %STACKMGR-6-STACK_LINK_CHANGE: Chassis 1 R0/0: stack_mgr: Stack port 1 on Chassis 1 is up
*Aug 23 05:50:32.205: %STACKMGR-6-STACK_LINK_CHANGE: Chassis 1 R0/0: stack_mgr: Stack port 2 on Chassis 1 is up
