Wireless Access

Reply
MVP
Posts: 4,301
Registered: ‎07-20-2011

Replacing Master M3 controller with a 3600 Controller

 

We are trying to replace the master M3 controller with a 3600 Controller but the only thing is that we have CPSec enabled.

 

We added the 3600 controller as a local to M3 master this way it has all the config .

 

We are planning to do a flash backup, local-userdb backup , running-config backup.

 

My concern is whether all the certs will have to be re-issued once we bring the 3600 as a master.

 

Thanks

 

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Moderator
Posts: 53
Registered: ‎04-09-2007

Re: Replacing Master M3 controller with a 3600 Controller

[ Edited ]

You will need to setup the new controller as a backup master by setting up master-redundancy and sync the database, that is the only way to achieve this without requiring APs to recertify.

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Replacing Master M3 controller with a 3600 Controller

Thanks for the Reply.

 

What's the best way to achieve that without service impacting the users ?

 

Thanks

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Moderator
Posts: 53
Registered: ‎04-09-2007

Re: Replacing Master M3 controller with a 3600 Controller

To answer that would need to know a bit more about what else the current master is doing, for example:

 

- Do you have APs terminated on the master? (not best practice in a multi-controller environment)

- Are you using the current master internal database for guest accounts, mac address authentication, RAP whitelist, etc?

 

One way you can approach this would be to setup VRRP between current master (requirement for master redundancy config) and new master, make sure current master has higher priority.  Ensure backup master is in sync and sync database at least once (database sync from cli).  You can see the results with a "show switches" and "show database synchronization".  Once this is done, disconnect the backup master from the network and remove vrrp and master redundancy config.  Change its IP address to be the IP of the current master.  When you are ready for the switch, disconnect the current master from the network and connect the new master to the network.  Their does not have to be done instantaneously, the master (assuming it is only being used for CPSEC root) is only needed when new AP is added to the network.  If you are using it for more than that per the above questions, you should do this instantaneously.

 

Regards, 

 

Austin

 

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Replacing Master M3 controller with a 3600 Controller

Thanks for the Reply

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: