Wireless Availability Pair of C5210's - Cannot ping/connect to secondary (also is unlicensed?)


Userlevel 5
I just installed a second C5210 this morning in an availability pair. I *think* I am done. I went through the user guide and checked that the VNS's were showing as "syncrhonized". And when I look at a report, it appears okay.

However - is it normal for the secondary controller to be completely offline when it's in standby mode? If I go through the wizard and set up availability, it succeeds. And while it is synchronizing everything, I can ping the secondary. But as soon as it's done the pings drop. I am guessing this is to keep the controllers from trying to reach it.

But then, how can I get into it when I need to? Such as when performing a software upgrade?

Also it appears to be unlicensed and in permanent demo mode. Is that also normal? Or do I need to install all my licences onto my secondary unit as well? Of course, I am only able to see that because I am connected via the Admin/management port. And perhaps I am just being nosy and should leave it alone.

4 replies

Userlevel 5
Hello Steve,

The secondary controller should be configured similar to the primary controller and also be fully licensed. This requires a separate Domain License that is based off of the locking-id (mac address of the Admin port) of that controller.

You should also configure a management IP for a physical interface on the secondary controller in order to access it through HTTPS and communication to the primary controller. Once configured properly the AP's on your primary will have backup tunnels and the Availability Report will reflect that.

The articles below will help explain this and as always, you can reach out to the GTAC for assistance.
https://gtacknowledge.extremenetworks.com/articles/How_To/Configure-High-Availability-on-the-Extreme...

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Synchronize-a-Pair-IdentiFi-Wireles...

https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-you-explain-the-Access-Point-Availability...

Regards,
Jason
Userlevel 5
Jason wrote:

Hello Steve,

The secondary controller should be configured similar to the primary controller and also be fully licensed. This requires a separate Domain License that is based off of the locking-id (mac address of the Admin port) of that controller.

You should also configure a management IP for a physical interface on the secondary controller in order to access it through HTTPS and communication to the primary controller. Once configured properly the AP's on your primary will have backup tunnels and the Availability Report will reflect that.

The articles below will help explain this and as always, you can reach out to the GTAC for assistance.
https://gtacknowledge.extremenetworks.com/articles/How_To/Configure-High-Availability-on-the-Extreme...

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Synchronize-a-Pair-IdentiFi-Wireles...

https://gtacknowledge.extremenetworks.com/articles/Q_A/Can-you-explain-the-Access-Point-Availability...

Regards,
Jason

Hello Jason,

This requires a separate Domain License that is based off of the locking-id (mac address of the Admin port) of that controller.

OK! I screwed that up then. I went and registered the voucher to the locking ID of the primary controller. And then I wondered why that license could not be applied. Duh! I have opened a GTAC case to get that fixed. Hopefully they can 'release' that voucher and let me start over. I did not see a way to release the license myself on the portal.

You should also configure a management IP for a physical interface on the secondary controller in order to access it through HTTPS and communication to the primary controller.

That, I did do. And it must be working. Because there is communication between the controllers. But I can only ping it when the controllers are going through the initial pairing process. And once that is done, I can no longer ping it or reach it through it's physical IP interface. I set this up all exactly like I did my primary controller (different IP, of course - but same subnet, etc).

I may end up having to open a case for that too.

EDIT: NOW I can reach it, and I have to wonder if I was having problems before - because I was trying to access it over the wireless network (creating a routing loop somewhere). But from my workstation, I am able to pop into the admin interface and ping without any problems.
Userlevel 5
Support was able to resolve my license issue rather quickly yesterday so that I could register the domain license to the correct locking ID. I am now licensed and operational.

We can chalk this up as SOLVED.

Thanks everyone.
Userlevel 5
Glad to hear Steve! Thanks for letting us know.

Reply