wlc 5508 ha with sso - setup guide - v1.1
DESCRIPTION
WLC 5508 HA With SSO - Setup Guide - V1.1TRANSCRIPT
March 10th, 2014 WLC 5508 HA with SSO Setup Guide Version 1.1 Another offering from team MIDAS2 March 10th, 2014WLC 5508 HA with SSO Table of Contents Introduction ......................................................................................................................... 3 Logical Topology ................................................................................................................. 4 Physical Topology ................................................................................................................ 6 Disclaimer ............................................................................................................................ 8 Build Information ................................................................................................................ 8 Prerequisite knowledge ....................................................................................................... 8 Guide Overview ................................................................................................................... 9 Part 1: Review and Prepare the Current Network for HA ................................................. 10 Part 2: Configure the Secondary WLC 5508 to Support HA .............................................. 25 Part 3: Configure High-Availability with Stateful Switchover ........................................... 36 Part 4: Test High-Availability with Stateful Switchover Failover ...................................... 57 Appendix A: Final Device Configurations .......................................................................... 77 3 March 10th, 2014WLC 5508 HA with SSO Introduction Your integration company has been asked to add redundancy to an existing deployment of Cisco wireless. The current deployment includes a single 5508 WLC, and four access points, spanning two switches. The customer, Example.com, plans to have only corporate users connect to the network wirelessly as is configured currently, and expects to grow to fifty access points over the next four years. Example.com is also very concerned about outages to the wireless network, and would like to minimize downtime as much as possible. It is for this reason that a 5508 High-Availability setup was chosen, and we will configure Stateful Switchover (SSO). This guide will cover configuring High-Availability on a pair of 5508 WL Cs in a pre-existing network, as well as Stateful Switchover (SSO). Specifics that will be covered are as follows: Review prerequisites for 5508 HA. AP registration in an HA environment. Configure the network to support the HA. Configure the secondary 5508 via CLI. Configure both WLCs via GUI. Configure High-Availability (HA) and review changes. Configure Stateful Switchover (SSO) Test Failover and Redundancy Test client / AP in Failover and Redundancy. Please review the diagrams on the following pages carefully before proceeding. The following diagrams are of the intended layers two and three networks design, and represent the preexisting network at the start of the guide, as well as the final product upon completion. 4 March 10th, 2014WLC 5508 HA with SSO Logical Topology The diagram below depicts the logical L3 topology, both before and after, of the network. Pre-Deployment 5 March 10th, 2014WLC 5508 HA with SSO Post-Deployment 6 March 10th, 2014WLC 5508 HA with SSO Physical Topology The diagram below depicts the L2 topology, including both a before and after representation of the network. Pre-Deployment 7 March 10th, 2014WLC 5508 HA with SSO Post-Deployment 8 March 10th, 2014WLC 5508 HA with SSO Disclaimer This Guide is intended to demonstrate one way to configure the network, to meet the specified requirements of this example. There are various ways that this can be accomplished, depending on the situation and the customers goals/requirements. Please ensure that you consult all current official Cisco documentation before proceeding with a design or installation. This lab is primarily intended to be a learning tool, and may not necessarily follow best practice recommendation at all times, in order to convey specific information. This is not intended to be a deployment guide. It is intended for learning purposes only. Build Information As of the writing of this document, the current relevant documentation could be found on CCO at the following links: 3850 Series Configuration Guides http://www.cisco.com/c/en/us/support/switches/catalyst-3850-series-switches/products-installation-and-configuration-guides-list.html 5500 Series WLC Deployment Guide http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70/c70ovrv.html The labs were constructed using the following software versions from CCO: 3850 03.03.02.SE.150-1 AP 702115.2.58-SE2* 5508 WLC7.6.100.0 Prerequisite knowledge A solid understanding of networking, including routing and switching is assumed. Some background with Cisco Wireless / Mobility is valuable but not required. 9 March 10th, 2014WLC 5508 HA with SSO Guide Overview This Guide will cover how to configure High-Availability in an existing deployment, consisting of a 5508 WLC, upgrading to a pair of 5508s.It will detail the required licensing, configuration for CLI and GUI, the process of pairing and primary vs. standby modes, Stateful Switchover (SSO), and finally, testing the completed wireless network.The key focus of this document is to gain an understanding of configuration and capabilities of the 5508 Wireless LAN Controller in a High-Availability solution, as well as the requirements and limitations. 10 March 10th, 2014WLC 5508 HA with SSO Part 1: Review and Prepare the Current Network for HA This part will cover the prerequisites required to configure High-Availability. This part will also include coverage ofthe current configuration of the existing 5508, DNS, DHCP, 5508 Code and License Levels, as well as adding the required connections for the new WLC. Section 1.1 Review the current configuration of the existing WLC 5508-A This section will detail what is required to be the same on each WLC in order to configure HA successfully. This section will also cover the port configuration of the existing 5508, and the current AP registration process. We begin by accessing the GUI of the existing 5508, shown below in the layer two and three diagrams. Please take a moment to review the diagram, and become familiar with the topology. 11 March 10th, 2014WLC 5508 HA with SSO In order to access the existing 5508 WLC, we navigate to the address below. This address is assigned to the wireless management port of the WLC connected into the Switch-A in VLAN 3. https://10.1.30.254 12 March 10th, 2014WLC 5508 HA with SSO We click Proceed anyway to accept the warning message that the WLC is using a self-signed certificate for HTTPS connections, and are redirected to the page shown below. On the login page shown above, we login with the followingusername and password. Username: admin Password: Cisco123 13 March 10th, 2014WLC 5508 HA with SSO The resulting monitor page is shown below. In order to configure High-Availability, there are a few prerequisites requirements. First is that the Primary and Standby Controllers both have the same version of Software. Below is a screenshot of the Controller Summary section on the Monitor page in the WLC GUI. Note that the current running software version is 7.6.100.0 on 5508-A. The WLC which it is paired with WILL need to have the same version. Also notethe Field Recovery Image Version just below it. It is NOT required that both WLCs have the same recovery code in order to pair. Now we navigate to the CONTROLLER section of the WLC GUI. 14 March 10th, 2014WLC 5508 HA with SSO On the resulting CONTROLLER page, expand the NTP dropdown and click on the Server link. On the resulting Server page, review the current configuration shown below. 15 March 10th, 2014WLC 5508 HA with SSO Notice that 5508-A is currently configured to receive its system time for a remote NTP server. In order for preform in a predictable manner, it is critical that both controllers have the same system time configured, before attempting to pair the systems. Now we navigate to MANAGEMENT, to review the current system licensing. From the MANAGEMENT page, we expand the Software Activation dropdown on the left side, and click on the Licenses link beneath. On the Licenses page shown below, take note of the currently active license. 16 March 10th, 2014WLC 5508 HA with SSO In order to configure High-Availability, we will need at least 50 Permanent AP licenses active on the controller. If the Primary Controller does not have the required licenses (At least 50 Permanent AP licenses) when it is paired, the Secondary will enter Maintenance Mode. The recommended licensing for a 5508 High-Availability configuration with Stateful Switchover (SSO) is for both Active and Hot Standby Controllers to be licensed with 50 Permanent AP licenses. This is the licensing we will be using today in our configuration. For more information on Licensing, refer to the 5500 Series High Availability (SSO) Deployment Guide linked below. http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html#pgfId-44069 Now that we have covered this requirement to successfully configure High-Availability on a pair of 5508 WLCs, let us talk about the Redundant Port, and how it should be cabled. Below is a picture of the faceplate of a Cisco Systems 5508 Wireless LAN Controller, taken directly from the Cisco 5500 Series Wireless Controller Installation Guide linked below. http://www.cisco.com/c/en/us/td/docs/wireless/controller/5500/install/guide/ctrl5500.html The Redundant Port shown in the above diagram as 1, is an Ethernet port that is used to connect the Primary and Secondary Controllers, so that they may enter into a High-Availability configuration. 17 March 10th, 2014WLC 5508 HA with SSO The new architecture for HA is for box-to-box redundancy. In other words, 1:1, where one WLC will be in an Active state, and the second WLC will be in a Hot Standby state continuously monitoring the health of the Active WLC via a Redundant Port. Keep-alive packets are sent on the Redundancy Port from the Standby to the Active WLC every 100 msec (default timer), in order to check the health of the Active WLC. Today we will be connecting 5508-A to 5508-B, via a single crossover cable from Redundant Port to Redundant Port. A direct physical connection between Active and Standby Redundant Ports is highly recommended. The distance between the connections can go up to 100 meters as per Ethernet cable standards. For more information on the Redundant Port, consult the 5500 Series High Availability (SSO) Deployment Guide linked below. http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html Now, let us consider the process used to register Access Points with the Wireless LAN Controller in the current configuration. To do this, we will access the DNS/DHCP windows server depicted in the section of the layer three pre-deployment diagram shown below. 18 March 10th, 2014WLC 5508 HA with SSO Below is shown the dnsmgmt window of the server. From here we expand the Forward Lookup Zones for example.com, and notice the entry shown below highlighted in blue. This configuration is currently utilizing a DNS entry for CISCO-CAPWAP-CONTROLLER to direct Access Points to 10.1.30.254 for registration. Based on this method of 19 March 10th, 2014WLC 5508 HA with SSO registration, we know we will not need to make any changes in order to implement High-Availability. Remember that the Active controller will always use the IP addresses from the configuration XML file it synchronizes across the Redundant Port. This means that Active controller, be it 5508-A or 5508-B, will be utilizing 10.1.30.254 as its Wireless Management IP Address. Still here on the DNS/DHCP Windows server that is part of our example.com existing network, let us take a look at current DHCP configuration. Below is a screenshot of the DHCP window. Here we can see that DHCP for Access points is handled by this server, as well as DHCP for wireless clients connecting the Corporate WLAN. This means that we will not need to worry about DHCP leases as part of our High-Availability deployment. Now in the GUI of 5508-A ,let us navigate to the CONTROLLER page. From the controller page, we click on Interfaces on the left hand side. Here is the resulting Interfaces page shown below. 20 March 10th, 2014WLC 5508 HA with SSO Notice that there are currently two interfaces in use (Corporate and Management) with addresses. In order for the Secondary (Hot Standby) WLC to take over functionality in the event of a failure, it must also have the same interfaces attached to the same VLANs or networks, via the same physical ports on the device. With this in mind, take a look at the layer two diagram of the existing network below. The Secondary (Hot Standby) WLC will need to be connected to VLANs 2 and 3 over ports 1 and 7, just as the Primary (Current) WLC is now, in order for High-Availability to function as intended. In the next section we will make the required network configurations to support the additional WLC. 21 March 10th, 2014WLC 5508 HA with SSO Section 1.2 Configuring the Network to Support the New WLC 5508-B This section will cover configuring the switched network to support an additional WLC, as described in the end of Section 1.1 above. We begin by reviewing the intended (Final) layer two diagram of the network shown below. We will begin by accessing Switch-B, that will handle the two network connections from the additional 5508 WLC. Below is the login prompt of Switch-B. We login with the credentials below, and enter configuration terminal mode. 22 March 10th, 2014WLC 5508 HA with SSO Username: admin Password: cisco123 Before we configure the two ports that will connect to the additional 5508, let us look at the current port and VLAN configurations. show run int g1/0/23 show run int g1/0/24 show vlan 23 March 10th, 2014WLC 5508 HA with SSO Now we will configure the first port to support the corporate VLAN on the additional 5508. config t int g1/0/23 switchport mode access switchport access vlan 2 switchport nonegotiateno shut exit Now let us configure the second port supporting the Management VLAN 3. int g1/0/24 switchport mode access switchport access vlan 3 switchport nonegotiate no shut exit 24 March 10th, 2014WLC 5508 HA with SSO Now we confirm the updates, and save the configuration to flash. show run int g1/0/23 show run int g1/0/24 The network infrastructure is now prepared for the implementation of the High-Availability deployment. Let us now move on to configuring the secondary 5508 WLC. 25 March 10th, 2014WLC 5508 HA with SSO Part 2: Configure the Secondary WLC 5508 to Support HA Part 2 will cover configuring the 5508 Wireless LAN Controller via the Console port, using the Setup Wizard, in accordance with the HA design, accessing the GUI and preparing the device to become the standby unit in the High-Availability deployment. Before we begin configuration, let us again look at the layer two intended configuration. The links to the additional 5508-B have been cabled, including the cable to the Redundant Port of each 5508. Section 2.1 Complete the Setup Wizard via the Console This section will cover completing the Setup Wizard via the CLI/Console connection. From the console of the 5508, answer the questions of the Setup Wizard as follows, to match the intended example topology.
System Name: 5508-B Admin Username: admin Password: Cisco123 Password re-enter: Cisco123 26 March 10th, 2014WLC 5508 HA with SSO Service Int IP: DHCP Enable LAG: NO Management Int IP Address: 10.1.30.254 Management Int Netmask: 255.255.255.0 Management Int Default Route: 10.1.30.1 Management Int VLAN ID: 0(Untagged) Management Int Port Num: 1(Physical Port) Management Int DHCP Server IP: 10.1.40.200 Enable HA: NO(Will Configure Later) Mobility/RF Group Name: Example Network Name (SSID): Example-Corp DHCP Bridging Mode: NO Allow Static IP: YES Configure Radius Server: NO 27 March 10th, 2014WLC 5508 HA with SSO Enter Country Code: US Enable 802.11b: YES Enable 802.11a: YES Enable 802.11g: YES Enable Auto-RF: YES Configure a NTP Server: YES NTP Server IP Address: 206.246.122.250 Polling Interval: 5400 Configuration Correct (Save and Reload): YES Once the 5508 has reloaded, it will have the above options configured. The below login prompt will appear at the console when the reload is completed. Let us login now and run a few show commands. 28 March 10th, 2014WLC 5508 HA with SSO User: admin Password: Cisco123 From the command line of the 5508 controller, let us now review the current High-Availability configuration. Remember that in the Setup Wizard, we chose not to configure HA just yet. show redundancy summary Now let us look at the current level of licensing in use on the 5508 controller. show license in-use Remember, it is required that the active 5508 have at least 50 AP licenses in-use in order to configure High-Availability with SSO, and that both units having 50+ licenses is recommended. 29 March 10th, 2014WLC 5508 HA with SSO Section 2.2 Access and Prepare the 5508-B Wireless LAN Controller via the GUI In this section, we will access the web GUI of the 5508-B Wireless LAN Controller and review the configuration of the device, as well as complete a few prerequisites required before configuring HA with SSO. Now let us access the Wireless LAN Controller, by navigating to the Wireless Management Interface IP address via HTTPS. https://10.1.10.253 We login with the configured username and password set in the setup wizard. User: admin Password: Cisco123 30 March 10th, 2014WLC 5508 HA with SSO At the resulting MONITOR page, we review a number of important items. Here we can see that the new 5508 has licensing for up to 62 access points currently available. We can also see that the current running code matches 5508-A. Before we configure High-Availability with SSO on the two 5508s, we need to take care of a few more items. The first of which is to configure the time zone. From the MONITOR page, we navigate to COMMANDS, to set the time zone. From the COMMANDS page, we select Set Time from the left hand side of the page. 31 March 10th, 2014WLC 5508 HA with SSO On the resulting Set Time page, we expand the Location dropdown, to select the Eastern Standard Time zone. Below is the dropdown menu with the Eastern Standard Time zone selected in blue. With the time zone now selected, we click on Set Timezone button at the top right, to confirm the change. 32 March 10th, 2014WLC 5508 HA with SSO We click ok to confirm, in the resulting message. Next, we need to configure the interfaces of this new 5508, to match the existing unit. When High-Availability is configured, the Active 5508 will copy its running configuration to the standby unit. When the standby unit comes active for whatever reason, it will assume the exact configuration of the originally active Unit. This means that the same physical interfaces of both 5508s should be connected to the same subnets, to prevent any unintended consequences. Now let us configure the interfaces of 5508-B, to line up with the existing 5508-A ,and be ready to successfully support a switchover. In the GUI of 5508-B, we navigate to CONTROLLER from the top links shown below. On the resulting CONTROLLER page, we navigate to Interfaces, from the left hand links. 33 March 10th, 2014WLC 5508 HA with SSO On the Interfaces page, notice that there is not yet a corporate interface configured. In order to configure this interface, we click the New button in gray at the top right of the screenshot below. On the resulting Interfaces > New page shown below, we fill in the information to match the 5508-A configuration. Interface Name: CorporateVLAN Id: 0 After filling in the information, we click the Apply button at the top right. The resulting page is shown below. 34 March 10th, 2014WLC 5508 HA with SSO On this page as wel,l we fill in the information to match the configuration of the 5508-A, but adjust the IP address to prevent a conflict. Port Number: 7 IP Address: 10.1.20.253 Netmask: 255.255.255.0 Gateway: 10.1.20.1 Primary DHCP Server: 10.1.40.200 Once the information is filled in, we click Apply again, to confirm the changes. 35 March 10th, 2014WLC 5508 HA with SSO We accept the message, by clicking OK to continue. At this point, we will save the configuration. These controllers are now prepared to support High-Availability. To save the configurations, we click on the Save Configuration link at the top left of the page shown in orange below. Upon clicking Save Configuration, the message below appears. We click OK to continue on. Once the first message is accepted, the second message below appears, confirming the configuration was properly saved to flash. At this point, we will move on to configuring High-Availability with SSO. 36 March 10th, 2014WLC 5508 HA with SSO Part 3: Configure High-Availability with Stateful Switchover This Part will cover the configuration of High-Availability (HA) with Stateful Switchover (SSO) via the GUI of each controller. Each of the 5508 WLCs will reboot as part of the process. The secondary WLC may reboot up to three times.
Section 3.1 Configure High-Availability with SSO via the GUI This section will cover the configuration for each WLC for HA with SSO via the GUI of each controller. For the GUI of each 5508, we will configure the unit as primary or secondary, specify the implementation of Stateful Switchover (SSO), as well as the IP addresses of the Redundant Ports. To begin, we access the GUI of the original 5508-A shown below. Username: admin Password: Cisco123 Once at the MONITOR page below, we confirm again that our APs are registered, and at least 50 AP licenses. 37 March 10th, 2014WLC 5508 HA with SSO In order to configure High-Availability through the GUI, we navigate to CONTROLLER from the top of the page. On the CONTROLLER page, we expand Redundancy, and select Global Configuration. 38 March 10th, 2014WLC 5508 HA with SSO Let us now take a moment, and review the options on the resulting page. Before we fill in any parameters, let us review the foot notes in blue. The first foot note states that the redundant port and its peer port must be addressed here. The second is the keep-alive timer is set in milliseconds, incremented by 50. The third is that if SSO is not enabled, it will result in the standby unit rebooting, as well as the standby units interfaces being disabled to prevent an IP conflict on the network. With these items taken into consideration, we will now fill in the required information, but before doing so, we will again review the layer three final diagram. 39 March 10th, 2014WLC 5508 HA with SSO The HA-MGMT network between the two 5508s is for our redundancy IP information. If you look closely at the segment, you will notice that it overlaps with that of the VLAN 3 MGMT network just above it. This is not by mistake, but rather by design. The redundant port of each 5508 utilizes an IP address from the same network as the management interface. Below are the parameters we set on the controllers GUI redundancy global configuration page. Redundancy MGMT IP: 10.1.30.201 Peer Redundancy MGMT IP: 10.1.30.202 Redundancy Unit: Primary Before we apply these changes or navigate away from this page, we will enable Stateful Switchover (SSO), by selecting Enabled from the dropdown menu. 40 March 10th, 2014WLC 5508 HA with SSO Once Enabled is selected, some of the sections filled in previously will become grayed. Two more items will also appear below the SSO dropdown. These two new sections apply to the service port. The service port is intended for management access to the 5508, as well as a few other things, but it is not a requirement of High-Availability and or SSO. Now that the intended configuration has been selected, we will click Apply to confirm and begin the process. After clicking the Apply button, the below message appears. As part of the process, this 5508 (The current controller servicing APs and Clients) needs to reboot. Configuring HA with SSO will be disruptive to network activity. Make sure to use a change window or plan ahead for these interruptions. We now click OK to confirm the reboot of the 5508. The reboot will take a few moments. We will watch the boot process of the 5508 from the console. 41 March 10th, 2014WLC 5508 HA with SSO The 5508 will boot as usual for the most part, but the 5508 will now also look for its peer to associate with. 42 March 10th, 2014WLC 5508 HA with SSO At this point in the boot process shown above, the 5508 begins to search for its peer. After 120 seconds, if there is not a positive response from the 5508 connected across its redundancy port, it will finish booting as the active controller. 43 March 10th, 2014WLC 5508 HA with SSO Once the User prompt is reached, the 5508 is booted. Now we will configure 5508-B in the same way that we did 5508-A, but as the secondary controller. We begin by returning to the GUI of 5508-B. Username: admin Password: Cisco123 44 March 10th, 2014WLC 5508 HA with SSO From the resulting MONITOR page of the GUI, we navigate to CONTROLLER, to configure High-Availability. Just like the 5508-A, we expand Redundancy, and select Global Configuration. 45 March 10th, 2014WLC 5508 HA with SSO On the resulting Global Configuration page, we fill in the below information. On this 5508, we specify the unit as secondary, as well as enable Stateful Switchover. Redundancy MGMT IP: 10.1.30.202 Peer Redundancy MGMT IP: 10.1.30.201 Redundancy Unit: Secondary Now, we access the console of this 5508, so we can watch its reboot process, just like we did on the original controller. With the console open, we now click Apply at the top right of the GUIs Global Configuration page, to apply the High-Availability and initiate the reboot. Again after clicking Apply, we receive the message notifying us of the required system reboot.46 March 10th, 2014WLC 5508 HA with SSO Once we click OK, the changes take effect and reboot process begins. With the console window open, we proceed. The process begins just like on the first 5508. The boot process begins. 47 March 10th, 2014WLC 5508 HA with SSO 48 March 10th, 2014WLC 5508 HA with SSO At this point, the 5508 begins to search for its peer. Once the 5508 finds the peer (5508-A), it looks to see if the configuration files (XMLs) match. As can be seen below, the XMLs did not match those of 5508-A. As can be seen above, in order to sync the configuration files across both controllers, a second reboot is required. 49 March 10th, 2014WLC 5508 HA with SSO 50 March 10th, 2014WLC 5508 HA with SSO Again, the controller attempts to find its peer. After finding its peer, it compares the configuration again, with that of the active controller (5508-A), and they now match, so no reboot is required. 51 March 10th, 2014WLC 5508 HA with SSO After confirming the XMLs, the unit is designated as standby, shown above at the top of the screenshot. After reaching the User: prompt, the 5508 is now fully booted. In the next section, we will review the results in detail. 52 March 10th, 2014WLC 5508 HA with SSO Section 3.2 Confirm HA and SSO configuration via GUI and CLI This section covers the screens in the GUI and commands in the CLI, used to view the current High-Availability state. We begin by accessing the GUI of the primary controller. To do so, we navigate to the address below. https://10.1.30.254 Now let us log in again with the username and password we configured. 53 March 10th, 2014WLC 5508 HA with SSO On the resulting MONITOR page, we can see that under Controller Summary, the Redundancy Mode is now listed as SSO for both APs and Clients. This means that in the event of a failover from the primary controller to the secondary, the currently registered APs and client connections will be shifted almost seamlessly. This prevents the need for both clients and APs, to re-register or reconnect to the now active controller. In order to review the configuration further, we will expand Redundancy on the left hand of the page, and select Summary. 54 March 10th, 2014WLC 5508 HA with SSO On the resulting redundancy summary page, we can see a dashboard view of the redundancy and SSO status. Here, we can see that the current local state (this device) is active. Below that we can see that the peer state (5508-B) is standby hot. The hot designation implies that Stateful Switchover (SSO) is in effect. We also can look at the redundancy state, which is SSO for both APs and Clients to confirm this. The next major item displayed here is the Switchover History Table at the bottom in blue. In the event of a failover or switchover, it will be displayed here, including the time and a possible reason for the event. Now that we have reviewed the primary units GUI, we will attempt to do the same for the secondary unit. https://10.1.30.253 55 March 10th, 2014WLC 5508 HA with SSO Here we can see that the secondary unit (Currently 5508-B) is unreachable via the GUI. This is intentional and expected. When a unit becomes standby, it inherits the configuration of the primary unit, and any configuration changes made to the primary unit are mirrored to the secondary unit. With SSO, the APs mirror the tunnel built with the active controller to the standby controller. All configuration changes after the implementation of HA, are intended to be made through the primary unit. For this reason, the standby units GUI is disabled. Now in order to review the state of 5508-B, we access its console. From the console, both before and after logging in, we see that this controller is designated standby. In standby, many commands are disabled in the CLI. Let us now see what is still available. 56 March 10th, 2014WLC 5508 HA with SSO Above, we can see that the list is short. Now let us review the High-Availability status. show redundancy summary Here we can see that at the top, SSO is enabled and the local state (5508-B) is standby hot. The peer state (5508-A) is active and this unit is secondary HA SKU. This means that 5508-B has inherited the 62 AP licenses from 5508-A. Now that we have reviewed the High-Availability with Stateful Switchover configuration, it is time to test failover.
57 March 10th, 2014WLC 5508 HA with SSO Part 4: Test High-Availability with Stateful Switchover Failover This Part will cover testing the failover capabilities and convergence time of the High-Availability configuration, and manually restoring the failed unit to primary. Section 3.2 Test Redundancy in the event of Active Controller Failure In this section, we power off the primary controller and watch the secondary unit take over, as well as note the convergence time of wireless clients. We will begin by accessing the GUI of the primary controller. Below we have the MONITOR page of 5508-A. Here we can see that we currently have 4 access points registered with the controller. Now let us reconnect the client to the corporate WLAN. Cisco123 58 March 10th, 2014WLC 5508 HA with SSO From the desktop, we will connect to the Example-Corp WLAN. 59 March 10th, 2014WLC 5508 HA with SSO We enter the pre shared key. Cisco123 Now we check to make sure we received an IP address, using the command below, in the CMD prompt launched from the desktop. ipconfig 60 March 10th, 2014WLC 5508 HA with SSO Above we can see the client successfully connected and received an address in the 10.1.20.0/24 address space. Now we will start a streaming ping from this client workstation to the firewall in the vlan 5 internet edge network. Ping 192.168.1.1 -t 61 March 10th, 2014WLC 5508 HA with SSO NowwiththispingrunningandthecontrollerGUIopen,wewillmanuallypoweroff 5508-A to watch the failover process in real time. I now power off 5508-A, and we can watch the client never loses a ping (Sometimes will miss one or two), although the WLC GUI Monitor page stops refreshing. 62 March 10th, 2014WLC 5508 HA with SSO Almost immediately after 5508-A loses power, the message below is received on the console of 5508-B. In order to access the GUI of the now active controller, we will need to close the web page and reopen it, as the https session has been lost. When reconnecting to the active controller (now 5508-B), we will return to the same address we used to connect to 5508-A. The reason for this is that with HA and SSO, the secondary unit assumes the exact same configuration of the original unit, including IPs as part of the transition.63 March 10th, 2014WLC 5508 HA with SSO Again we receive the unsigned certificate warning message just as before. On the following login page, we access the GUI just as before. 64 March 10th, 2014WLC 5508 HA with SSO Once logged into the WLC, we notice that the Monitor page looks just as it did moments ago. This can be very deceiving. Note that as part of the configuration matching, even the hostname is now the same (5508-A). In order to know there was a failover, we need to navigate to Summary under Redundancy. 65 March 10th, 2014WLC 5508 HA with SSO Here on the Redundancy Summery page, we can see that there is now an event under Switchover History Table at the bottom. Here we can find that the previously active controller (10.1.30.201 as they are referred to by their redundancy management IPs as that is now the only differentiating factor as far as configuration) was active, but now 10.1.30.202 aka 5508-B is the active controller. The stated reason for the switchover is Active controller failed and the date and exact time of the failure is listed to the right. At this point, we have witnessed a successful switchover of clients and APs, almost seamlessly in the event of a complete system failure (Power Loss) of the active controller. 66 March 10th, 2014WLC 5508 HA with SSO Section 3.3 Test Manual Redundancy Switchover This section will cover how to return the primary role to 5508-A, afterit has regained power and registered as the standby unit with 5508-B In order to return 5508-A to active controller status, we must first power the device back on, and allow it to register with the now active controller (5508-B). During the process, we will watch the console of 5508-A as it boots and finds its peer. The boot process begins as usual. 67 March 10th, 2014WLC 5508 HA with SSO At this point in the boot process, the unit looks for and finds its peer. It then takes the standby role, as there is already an active unit (5508-B). The unit now compares its configuration with that of the standby. After finding the configurations do not match, this unit downloads the new XMLs and reboots. 68 March 10th, 2014WLC 5508 HA with SSO 69 March 10th, 2014WLC 5508 HA with SSO Again the unit searches for its peer. Again the controller finds its peer and takes the standby role. This time the unit finds the XMLs match and continues the boot process. 70 March 10th, 2014WLC 5508 HA with SSO The controller completes the process and reaches the user prompt. 71 March 10th, 2014WLC 5508 HA with SSO In order to initiate a switchover, we will need to access the console of active controller (5508-B) and issue the command below, to do so. redundancy force-switchover Above we can see that the system asks to save the configuration. Once confirmed, the configuration is saved to flash. Immediately after saving the configuration, the controller reboots. 72 March 10th, 2014WLC 5508 HA with SSO 73 March 10th, 2014WLC 5508 HA with SSO At this point in the boot process, the controller looks for its peer. The controller finds its peer and determines its role. As commanded, the unit takes the standby role. The controller now compares and finds the configuration matches, proceeding with the boot process. 74 March 10th, 2014WLC 5508 HA with SSO And again, the process completes when the console reaches the user prompt. Now we will return to the active controllers GUI. Again, we need to close the window and reopen another. 75 March 10th, 2014WLC 5508 HA with SSO From the MONITOR page, we navigate to summary under redundancy. On the resulting page, we can see there are now two items listed in the Switchover History Table. The new item on the bottom shows that the switchover was user initiated, as expected. 76 March 10th, 2014WLC 5508 HA with SSO At this point, we have completed our configuration and testing. High-Availability with Stateful Switchover (SSO) has been configured and tested in both directions. 77 March 10th, 2014WLC 5508 HA with SSO Appendix A: Final Device Configurations Cisco 3850-A Final Device Configuration ! ! Last configuration change at 01:03:05 UTC Sun Mar 2 2014 by admin ! version 15.0 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption service compress-config ! hostname 3850-Switch-A ! boot-start-marker boot-end-marker ! ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! ! username admin privilege 15 password 0 cisco123 no aaa new-model switch 1 provision ws-c3850-24p ip routing ! ! ! qos wireless-default-untrust ! crypto pki trustpoint TP-self-signed-1481846860 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1481846860 revocation-check none rsakeypair TP-self-signed-1481846860 78 March 10th, 2014WLC 5508 HA with SSO ! ! crypto pki certificate chain TP-self-signed-1481846860 certificate self-signed 02 30820245 308201AE A0030201 02020102 300D0609 2A864886 F70D0101 0405003031312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 4365727469666963 6174652D 31343831 38343638 3630301E 170D3134 30333031 3230343731375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 031326494F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 3438313834363836 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 818902818100A570 200F5D58 2E34B152 119EC8A4 B39AF748 1141EE93 5ED5C245 0904BA25A0C83EB1 97E5766B B8C28B07 03A5BB3D 941B772F C86951E0 1984C8E0 C257BD2993505FA5 CA6E4618 0918D887 0764879F 285D2EC8 69323BA9 87EDF5FA 7DDF706AF97DBD64 9618287C BCE62C9B 0998434F E759430E 3E42B499 DB10370C 8C75753021CF0203 010001A3 6D306B30 0F060355 1D130101 FF040530 030101FF 30180603551D1104 11300F82 0D333835 302D5377 69746368 2D41301F 0603551D 230418301680141E F4E30FB0 1DCB9DE8 009B2867 480CB559 AD12A230 1D060355 1D0E041604141EF4 E30FB01D CB9DE800 9B286748 0CB559AD 12A2300D 06092A86 4886F70D01010405 00038181 0053F432 9EE2C515 82175F9C 0B12C287 12B3BEB9 FADA93F56E4177C0 1EC3C46A 4E537144 27CAE4AD 91CD63E2 BF272806 CA62C362 944744593D7E4F43 F441065E 5DA53A0C 74084F33 EACACFD9 18A8E4B5 4792E5EE AEF2E6C905EEBD1A 75750B6B 11CC7AD1 007BF78E AD43A5AD 5D8D21FC 274971B9 44D039BCB14074A2 833AC3BC 4A quit ! ! ! ! ! diagnostic bootup level minimal spanning-tree mode pvst spanning-tree extend system-id ! redundancy mode sso ! ! ! class-map match-any non-client-nrt-class match non-client-nrt! ! ! ! 79 March 10th, 2014WLC 5508 HA with SSO ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf no ip address negotiation auto ! interface GigabitEthernet1/0/1 switchport access vlan 5 switchport mode access switchport nonegotiate ! interface GigabitEthernet1/0/2 switchport trunk allowed vlan 2-4 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet1/0/3 ! interface GigabitEthernet1/0/4 ! interface GigabitEthernet1/0/5 ! interface GigabitEthernet1/0/6 switchport access vlan 3 switchport mode access switchport nonegotiate ! interface GigabitEthernet1/0/7 ! interface GigabitEthernet1/0/8 switchport access vlan 3 switchport mode access switchport nonegotiate ! interface GigabitEthernet1/0/9 ! interface GigabitEthernet1/0/10 switchport access vlan 4 switchport mode access switchport nonegotiate ! interface GigabitEthernet1/0/11 switchport access vlan 4 switchport mode access 80 March 10th, 2014WLC 5508 HA with SSO switchport nonegotiate ! interface GigabitEthernet1/0/12 ! interface GigabitEthernet1/0/13 ! interface GigabitEthernet1/0/14 ! interface GigabitEthernet1/0/15 ! interface GigabitEthernet1/0/16 ! interface GigabitEthernet1/0/17 ! interface GigabitEthernet1/0/18 ! interface GigabitEthernet1/0/19 ! interface GigabitEthernet1/0/20 ! interface GigabitEthernet1/0/21 ! interface GigabitEthernet1/0/22 ! interface GigabitEthernet1/0/23 switchport access vlan 2 switchport mode access switchport nonegotiate ! interface GigabitEthernet1/0/24 switchport access vlan 3 switchport mode access switchport nonegotiate ! interface GigabitEthernet1/1/1 ! interface GigabitEthernet1/1/2 ! interface GigabitEthernet1/1/3 ! interface GigabitEthernet1/1/4 ! interface TenGigabitEthernet1/1/1 ! 81 March 10th, 2014WLC 5508 HA with SSO interface TenGigabitEthernet1/1/2 ! interface TenGigabitEthernet1/1/3 ! interface TenGigabitEthernet1/1/4 ! interface Vlan1 no ip address shutdown ! interface Vlan2 ip address 10.1.20.1 255.255.255.0 ip helper-address 10.1.40.200 ! interface Vlan3 ip address 10.1.30.1 255.255.255.0 ip helper-address 10.1.40.200 ! interface Vlan4 ip address 10.1.40.1 255.255.255.0 ! interface Vlan5 ip address 192.168.1.254 255.255.255.0 ! ip default-gateway 192.168.1.1 no ip http server ip http authentication local ip http secure-server ip route 0.0.0.0 0.0.0.0 192.168.1.1 ! ! ! ! ! line con 0 session-timeout 999 logging synchronous login local stopbits 1 line aux 0 stopbits 1 line vty 0 4 session-timeout 900 logging synchronous 82 March 10th, 2014WLC 5508 HA with SSO login local line vty 5 15 session-timeout 900 logging synchronous login local ! wsma agent exec profile httplistener profile httpslistener wsma agent config profile httplistener profile httpslistener wsma agent filesys profile httplistener profile httpslistener wsma agent notify profile httplistener profile httpslistener ! wsma profile listener httplistener transport http ! wsma profile listener httpslistener transport https ap dot11 24ghz rrm channel dca add 1 ap dot11 24ghz rrm channel dca add 6 ap dot11 24ghz rrm channel dca add 11 ap dot11 5ghz rrm channel dca add 36 ap dot11 5ghz rrm channel dca add 40 ap dot11 5ghz rrm channel dca add 44 ap dot11 5ghz rrm channel dca add 48 ap dot11 5ghz rrm channel dca add 52 ap dot11 5ghz rrm channel dca add 56 ap dot11 5ghz rrm channel dca add 60 ap dot11 5ghz rrm channel dca add 64 ap dot11 5ghz rrm channel dca add 149 ap dot11 5ghz rrm channel dca add 153 ap dot11 5ghz rrm channel dca add 157 ap dot11 5ghz rrm channel dca add 161 ap group default-group end Cisco 3850-B Final Device Configuration 83 March 10th, 2014WLC 5508 HA with SSO ! ! Last configuration change at 12:03:02 UTC Fri Mar 7 2014 by admin ! version 15.0 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption service compress-config ! hostname 3850-Switch-B ! boot-start-marker boot-end-marker ! ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! ! username admin privilege 15 password 0 cisco123 no aaa new-model switch 1 provision ws-c3850-24p ip routing ! ! ! qos wireless-default-untrust ! crypto pki trustpoint TP-self-signed-3436934103 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3436934103 revocation-check none rsakeypair TP-self-signed-3436934103 ! ! crypto pki certificate chain TP-self-signed-3436934103 certificate self-signed 02 30820245 308201AE A0030201 02020102 300D0609 2A864886 F70D0101 0405003084 March 10th, 2014WLC 5508 HA with SSO 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 4365727469666963 6174652D 33343336 39333431 3033301E 170D3134 30333037 3131323130365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 031326494F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 3433363933343130 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 818902818100AA99 E72F38C5 BD01EDB6 D6F06A74 7C2B48B0 6063F8D7 F0143789 E3FE07EED56E22EE FB6F8EDB D30C5B7C 169E3F31 71FD0E53 A7A2E697 C390F10B 68BFB6731335BD50 564148BA 5CB7C2A2 DCBAD460 229A176A D22BD128 5DDABE84 6411A510E7F35D9E 9A59CF57 22425326 4C3EC262 D02DAC09 47EE95BD 8ABB817C 8FB0031EAC6F0203 010001A3 6D306B30 0F060355 1D130101 FF040530 030101FF 30180603551D1104 11300F82 0D333835 302D5377 69746368 2D42301F 0603551D 2304183016801437 70450336 2D8E2C46 0577B956 73327CE6 EDD8F030 1D060355 1D0E041604143770 4503362D 8E2C4605 77B95673 327CE6ED D8F0300D 06092A86 4886F70D01010405 00038181 00190279 E835A80D 8F2B52E4 BB642DE9 2B904A38 A8FEFC082868B208 BFC29F68 5F1AE7AC DF2D1B07 D534CC18 6F3487B9 C4E30135 C9C63CF726FF2CD5 97772E7D 35B9CA17 CC9CFF39 E38ECBAD D14AA560 403617E0 ACB120D204BE4B1E 3E73B224 434375FE 99B11883 6ADA9D61 7039FAE6 D78D0BFF 00F6D746D87420B8 8545784B 9B quit ! ! ! ! ! diagnostic bootup level minimal spanning-tree mode pvst spanning-tree extend system-id ! redundancy mode sso ! ! ! class-map match-any non-client-nrt-class match non-client-nrt! ! ! ! ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf no ip address 85 March 10th, 2014WLC 5508 HA with SSO negotiation auto ! interface GigabitEthernet1/0/1 ! interface GigabitEthernet1/0/2 switchport trunk allowed vlan 2-4 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet1/0/3 ! interface GigabitEthernet1/0/4 ! interface GigabitEthernet1/0/5 ! interface GigabitEthernet1/0/6 switchport access vlan 3 switchport mode access switchport nonegotiate ! interface GigabitEthernet1/0/7 ! interface GigabitEthernet1/0/8 switchport access vlan 3 switchport mode access switchport nonegotiate ! interface GigabitEthernet1/0/9 ! interface GigabitEthernet1/0/10 ! interface GigabitEthernet1/0/11 ! interface GigabitEthernet1/0/12 ! interface GigabitEthernet1/0/13 ! interface GigabitEthernet1/0/14 ! interface GigabitEthernet1/0/15 ! interface GigabitEthernet1/0/16 ! interface GigabitEthernet1/0/17 86 March 10th, 2014WLC 5508 HA with SSO ! interface GigabitEthernet1/0/18 ! interface GigabitEthernet1/0/19 ! interface GigabitEthernet1/0/20 ! interface GigabitEthernet1/0/21 ! interface GigabitEthernet1/0/22 ! interface GigabitEthernet1/0/23 switchport access vlan 2 switchport mode access switchport nonegotiate ! interface GigabitEthernet1/0/24 switchport access vlan 3 switchport mode access switchport nonegotiate ! interface GigabitEthernet1/1/1 ! interface GigabitEthernet1/1/2 ! interface GigabitEthernet1/1/3 ! interface GigabitEthernet1/1/4 ! interface TenGigabitEthernet1/1/1 ! interface TenGigabitEthernet1/1/2 ! interface TenGigabitEthernet1/1/3 ! interface TenGigabitEthernet1/1/4 ! interface Vlan1 no ip address shutdown ! interface Vlan2 ip address 10.1.20.2 255.255.255.0 ! 87 March 10th, 2014WLC 5508 HA with SSO interface Vlan3 ip address 10.1.30.2 255.255.255.0 ! interface Vlan4 ip address 10.1.40.2 255.255.255.0 ! ip default-gateway 10.1.40.1 no ip http server ip http authentication local ip http secure-server ip route 0.0.0.0 0.0.0.0 10.1.40.1 ! ! ! ! ! line con 0 session-timeout 999 logging synchronous login local stopbits 1 line aux 0 stopbits 1 line vty 0 4 session-timeout 900 logging synchronous login local line vty 5 15 session-timeout 900 logging synchronous login local ! wsma agent exec profile httplistener profile httpslistener wsma agent config profile httplistener profile httpslistener wsma agent filesys profile httplistener profile httpslistener wsma agent notify profile httplistener profile httpslistener 88 March 10th, 2014WLC 5508 HA with SSO ! wsma profile listener httplistener transport http ! wsma profile listener httpslistener transport https ap dot11 24ghz rrm channel dca add 1 ap dot11 24ghz rrm channel dca add 6 ap dot11 24ghz rrm channel dca add 11 ap dot11 5ghz rrm channel dca add 36 ap dot11 5ghz rrm channel dca add 40 ap dot11 5ghz rrm channel dca add 44 ap dot11 5ghz rrm channel dca add 48 ap dot11 5ghz rrm channel dca add 52 ap dot11 5ghz rrm channel dca add 56 ap dot11 5ghz rrm channel dca add 60 ap dot11 5ghz rrm channel dca add 64 ap dot11 5ghz rrm channel dca add 149 ap dot11 5ghz rrm channel dca add 153 ap dot11 5ghz rrm channel dca add 157 ap dot11 5ghz rrm channel dca add 161 ap group default-group end Cisco 5508-A Final Device Configuration ! config 802.11a cac voice sip bandwidth 64 sample-interval 20config 802.11a cac voice sip codec g711 sample-interval 20config advanced probe limit 2 500config advanced 802.11a channel add 36config advanced 802.11a channel add 40config advanced 802.11a channel add 44config advanced 802.11a channel add 48config advanced 802.11a channel add 52config advanced 802.11a channel add 56config advanced 802.11a channel add 60config advanced 802.11a channel add 64config advanced 802.11a channel add 149config advanced 802.11a channel add 153config advanced 802.11a channel add 157config advanced 802.11a channel add 161config advanced probe-limit 2 500config advanced 802.11b channel add 189 March 10th, 2014WLC 5508 HA with SSO config advanced 802.11b channel add 6config advanced 802.11b channel add 11config country USconfig switchconfig strong-pwd lockout attempts mgmtuser 3config switchconfig strong-pwd lockout time mgmtuser 5config interface port management 1config interface address management 10.1.30.254 255.255.255.0 10.1.30.1config interface address virtual 1.1.1.1config interface port corporate 7config interface address dynamic-interface corporate 10.1.20.254 255.255.255.0 10.1.20.1config interface dhcp management primary 10.1.40.200config interface dhcp service-port enableconfig interface create corporate 0config interface dhcp dynamic-interface corporate primary 10.1.40.200config interface vlan corporate 0config license boot baseconfig time ntp interval 5400config time ntp server 1 206.246.122.250config time timezone location 8config wlan broadcast-ssid enable 1config wlan wmm allow 1config wlan exclusionlist 1 60config wlan interface 1 corporateconfig wlan mfp client enable 1config wlan create 1 Example-Corp Example-Corpconfig wlan session-timeout 1 1800config wlan security wpa akm psk set-key hex encrypt 1 9feedb82de8b56de6b2ad2f6d3353593 35ba68e372e507606cf645dec83c0f3119739ea5 48 ce3011918b51cef71b35bc07d767f1422fe59cba6bcde85a8e0d5885cad8ad45ce4d7abaed36ed6f35b293a4d7c46451000000000000000000000001000000004892e4c800000000139822900000000010c827640000000010c8190c000000004892e4c0000000000000001100000000139822900000000010c842a000000000139822900000000010c84c0800000000 1config wlan security wpa akm psk enable 1config wlan security wpa akm 802.1x disable 1config wlan security wpa enable 1config wlan security web-auth server-precedence 1 local radius ldapconfig wlan security wapi akm psk set-key hex encrypt 1 9feedb82de8b56de6b2ad2f6d3353593 35ba68e372e507606cf645dec83c0f3119739ea5 48 ce3011918b51cef71b35bc07d767f1422fe59cba6bcde85a8e0d5885cad8ad45ce4d7abaed36ed6f35b293a4d7c46451000000000000000000000001000000004892e4c80000000090 March 10th, 2014WLC 5508 HA with SSO 139822900000000010c827640000000010c8190c000000004892e4c0000000000000001100000000139822900000000010c842a000000000139822900000000010c84c0800000000 1config wlan enable 1config mobility group domain Exampleconfig certificate generate webadminconfig redundancy mobilitymac c4:71:fe:97:86:e0config radius callstationidtype ipaddrconfig network rf-network-name Exampleconfig network multicast l2mcast disable service-portconfig network multicast l2mcast disable virtualconfig database size 2048config 802.11b 11gsupport enableconfig 802.11b cac voice sip bandwidth 64 sample-interval 20config 802.11b cac voice sip codec g711 sample-interval 20config ap packet-dump truncate 0config ap packet-dump capture-time 10config ap packet-dump buffer-size 2048config mgmtuser add encrypt admin 1 b4bab9e80e7e8846841e157a0f8434c3 bea96787ca614f179382b3a74c0dee641a9734a6 16 3e8f0fcc7e5b34a0f8279c03e14cae810000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 read-writeconfig mdns profile service add default-mdns-profile AirPrintconfig mdns profile service add default-mdns-profile AirTunesconfig mdns profile service add default-mdns-profile AppleTVconfig mdns profile service add default-mdns-profile HP_Photosmart_Printer_1config mdns profile service add default-mdns-profile HP_Photosmart_Printer_2config mdns profile service add default-mdns-profile Printerconfig mdns profile create default-mdns-profileconfig mdns service origin all AirPrintconfig mdns service query enable AirPrintconfig mdns service create AirPrint _ipp._tcp.local. origin all lss disable query enableconfig mdns service origin all AirTunesconfig mdns service query enable AirTunesconfig mdns service create AirTunes _raop._tcp.local. origin all lss disable query enableconfig mdns service origin all AppleTVconfig mdns service query enable AppleTVconfig mdns service create AppleTV _airplay._tcp.local. origin all lss disable query enableconfig mdns service origin all HP_Photosmart_Printer_1config mdns service query enable HP_Photosmart_Printer_1config mdns service create HP_Photosmart_Printer_1 _universal._sub._ipp._tcp.local. origin all lss disable query enableconfig mdns service origin all HP_Photosmart_Printer_2config mdns service query enable HP_Photosmart_Printer_291 March 10th, 2014WLC 5508 HA with SSO config mdns service create HP_Photosmart_Printer_2 _cups._sub._ipp._tcp.local. origin all lss disable query enableconfig mdns service origin all Printerconfig mdns service query enable Printerconfig mdns service create Printer _printer._tcp.local. origin all lss disable query enableconfig sysname 5508-Atransfer upload path /transfer upload filename FCW1452L0CU-confgtransfer upload serverip 192.168.1.110transfer upload datatype configtransfer download path /transfer download filename FCW1452L0CU-confgtransfer download serverip 192.168.1.110transfer download datatype config