Wireless Access

We are trying to replace the master M3 controller with a 3600 Controller but the only thing is that we have CPSec enabled.

We added the 3600 controller as a local to M3 master this way it has all the config .

We are planning to do a flash backup, local-userdb backup , running-config backup.

My concern is whether all the certs will have to be re-issued once we bring the 3600 as a master.

Thanks

You will need to setup the new controller as a backup master by setting up master-redundancy and sync the database, that is the only way to achieve this without requiring APs to recertify.

Thanks for the Reply.

What's the best way to achieve that without service impacting the users ?

Thanks

To answer that would need to know a bit more about what else the current master is doing, for example:

- Do you have APs terminated on the master? (not best practice in a multi-controller environment)

- Are you using the current master internal database for guest accounts, mac address authentication, RAP whitelist, etc?

One way you can approach this would be to setup VRRP between current master (requirement for master redundancy config) and new master, make sure current master has higher priority.  Ensure backup master is in sync and sync database at least once (database sync from cli).  You can see the results with a "show switches" and "show database synchronization".  Once this is done, disconnect the backup master from the network and remove vrrp and master redundancy config.  Change its IP address to be the IP of the current master.  When you are ready for the switch, disconnect the current master from the network and connect the new master to the network.  Their does not have to be done instantaneously, the master (assuming it is only being used for CPSEC root) is only needed when new AP is added to the network.  If you are using it for more than that per the above questions, you should do this instantaneously.

Regards, 

Austin

Thanks for the Reply