CCIE Enterprise Wireless (v1.0) – section 3.3 – a – Cisco 9800 Cloud Controller High Availability ( HA ) /SSO


Prior to enabling HA between two 9800 WLCs ensure these you perform these validations:
Both devices must be of same PID. In case of 9800-CL, ensure the hosting environment
(ESXi or KVM or ENCS) is same for both instances.

  1. Both devices must run the same version of software.
  2. Both devices must be running in same Installation Mode (Either Bundle or Install)
  3. Both devices should have redundant IPs in the same subnet. IP address used for redundancy should be L2 unroutable.
  4. Both devices must have their own wireless management interface
  5. Wireless management interface of both devices must belong to the same VLAN/subnet.
  6. In case of 9800-CL, Verify same CPU, memory and hard disk resources are allocated to both instances.Verify VM snapshot is disabled for both instances.

show chassis to verify that the devices are not paired:

Configure HA via the CLI – similar to how AireOS SSO was configured. Point the two devices at each other ( wlc0001 points to wlc0002 as a peer and the other way around). The controller with the highest priority will become the HA primary.

Once completed – verify that HA has not taken effect

Next reboot both controllers

Once the controllers start to communicate with each other the WLC with the highest priority will take over and became the active SSO member.

Access to the console of the standby controller is disabled once HA has formed on the cloud controller.

To enable it, login
by SSH/console to the active 9800 WLC and enter these commands:

you should now be able to log into the standby controller and have access from ESXI:

HA configuration can be viewed from the GUI

Verify HA status of both controllers



A look at the CLI of both controllers shows that the standby has the same IP addresses as the primary but the interfaces are in a down/down state:

Veirfy the status of the HA pair from the GUI of the primary controller:

Let’s take a look at the AP SSO state. There’s one access point on the primary controller, the secondary controller should also have “ap state”

primary WLC

secondary WLC

wireless client summary on primary WLC

verify chassis

video of simulated primary WLC failure. Client running continuous ping…

AP and client fail over was seamless as shown in the video. The client was able to continuously pinging

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.