- Introduction to Administering Cisco Prime Infrastructure
- Administrator Setup Tasks
- Prime Infrastructure Server Settings
- Maintaining Prime Infrastructure Server Health
- Backing Up and Restoring Prime Infrastructure
- Maintaining Network Health
- Managing Data and Collection Retention
- Configuring Controller and AP Settings
- Configuring High Availability
- Configuring Wireless Redundancy
- Controlling User Access
- Advanced Monitoring
- Managing Licenses
- Managing Traffic Metrics
- Planning Network Capacity Changes
- Appendix A: Prime Infrastructure Internal SNMP Trap Generation
- Appendix B: Best Practices: Server Security Hardening
- Appendix C: Configuring the Plug and Play High Availability Feature
Cisco Prime Infrastructure 3.0 Administrator Guide
- Updated:
- February 1, 2018
Chapter: Appendix C: Configuring the Plug and Play High Availability Feature
Configuring High Availability for Plug and Play Gateway
This chapter explains how to configure the High Availability (HA) functionality for the Cisco Plug and Play Gateway standalone server and how to incorporate the feature along with HA implemented in Prime Infrastructure (where the primary and secondary servers have two different IP addresses) and Prime Infrastructure 3.0 virtual IP address HA Model.
How Cisco Plug and Play Gateway HA Works
Prime Infrastructure 3.0 and earlier releases supported a single Cisco Plug and Play Gateway in either of these modes:
HA was not available in both these solutions, and Cisco Plug and Play Gateway does not connect to the secondary Prime Infrastructure server automatically. It has to be manually redirected to the secondary Prime Infrastructure server.
Prime Infrastructure 3.0 supports Plug and Play Gateway in HA. The Cisco Plug and Play HA feature aims at providing the following:
- HA on a standalone server Plug and Play Gateway by providing a secondary standby Plug and Play Gateway.
- HA support between the standalone Plug and Play Gateway and Prime Infrastructure HA.
- HA support for Prime Infrastructure integrated Plug and Play Gateway.
Cisco Plug and Play Gateway HA Prerequisites
Before using the HA feature on Cisco Plug and Play Gateway, you must:
- Configure the primary and secondary Prime Infrastructure servers and these must be accessible from Plug and Play Gateway standalone servers. See Configuring High Availability for more details.
- Ensure that the primary and secondary Prime Infrastructure SSL server certificates used for Message Queue Ports 61617 and Health Monitor port 8082 are available for extraction from primary and secondary servers for Prime Infrastructure HA mode with different IP addresses. See Setting Up High Availability for more details.
- For virtual IP Address based HA, both primary and secondary servers must have the virtual IP address and certificates. See Using Virtual IP Addressing with HA for more details.
- At least one of the Prime Infrastructure server Message Queue port 61617 port must be active at all times depending on the service which will take the HA role.
- Install the primary and secondary Plug and Play Gateway Virtual Machines. See Cisco Prime Infrastructure 3.0 Quick Start Guide for details of installation of virtual machines from OVA file.
Setting up Cisco Plug and Play Gateway HA
This section explains the different methods to configure Cisco Plug and Play Gateway in HA.
- Cisco Plug and Play Gateway HA Prerequisites
- Setting up Standalone Cisco Plug and Play Gateway for Prime Infrastructure HA
- Cisco Standalone Plug and Play Gateway Server HA Setup
- Cisco Plug and Play Gateway Status
- Cisco Plug and Play Gateway HA and Prime Infrastructure Combinations
Setting up Standalone Cisco Plug and Play Gateway for Prime Infrastructure HA
The Cisco Prime Infrastructure server in HA can be configured in two modes:
- Virtual IP addresses for primary and secondary servers. See Using Virtual IP Addressing with HA for more details.
- Different IP addresses for primary and secondary servers. See Setting Up High Availability for more details.
The standalone Cisco Plug and Play Gateway can be configured to work in both of these modes with a slight modification in the setup procedure.
Prime Infrastructure in HA with Virtual IP Address
Prime Infrastructure can be configured with a virtual IP address which floats across the primary and secondary servers, depending on the server that is active. Enter the virtual IP address of Prime Infrastructure in HA while setting up Cisco Plug and Play Gateway.
Integrated Plug and Play Gateway within Prime Infrastructure will work if the same virtual IP address is transferred to the active node. Cisco Plug and Play Gateway integrated with Prime Infrastructure will be configured automatically to use the Prime Infrastructure virtual IP address. No specific configuration is required to configure Cisco Plug and Play Gateway.
Prime Infrastructure in HA with Different IP Address
Prime Infrastructure can be configured with primary and secondary servers having different IP addresses. For configuring Cisco Plug and Play Gateway, run the pnp setup advance command in the advanced setup and enter the following information:
- Primary IP address.
- Enter y, when prompted if a secondary server is to be configured.
- Secondary IP address.
See Command Reference Guide for Cisco Prime Infrastructure 3.0 for more details about running the commands.
Note
Cisco Plug and Play Gateway integrated with Prime Infrastructure will not work when the primary and secondary servers have different IP addresses because the bootstrap configuration needs to be changed according to the active node.
Cisco Standalone Plug and Play Gateway Server HA Setup
Cisco Standalone Plug and Play Gateway can also be configured in HA with a secondary server for failover. Cisco Plug and Play Gateway in HA is always configured with a virtual IP address on the active node. For setting up the standalone Plug and Play Gateway in HA you must:
- Install two reachable Cisco Plug and Play Gateways with different IP addresses.
- Run the pnp setup or pnp setup advance command on the primary Cisco Plug and Play Gateway. See Command Reference Guide for Cisco Prime Infrastructure 3.0 for more details.The primary server will automatically configure secondary Cisco Plug and Play Gateway at the end of the setup.
- Enter y when prompted, if you want to configure HA with primary Cisco Plug and Play Gateway HA server.
Note The standalone Cisco Plug and Play Gateway with Prime Infrastructure in HA has automatic failover from primary to secondary. Manual failover is not available.
The standalone Cisco Plug and Play Gateway with Prime Infrastructure in HA can be configured to failback manually or automatically from the secondary to primary server.
Enter the Cisco Plug and Play Gateway virtual IP address, virtual host name, IP address and username and password of the secondary server as part of pnp setup. Enter 0 for manual failback and 1 for automatic failback when prompted during the setup.
Note We recommend manual failback. Automatic failback is not recommended because in case of scenarios like flapping interface, failover and failback happens continuously.
Cisco Plug and Play Gateway Status
The Cisco Plug and Play Gateway status interface provides additional information regarding the following:
This displays whether the Cisco Plug and Play Gateway is connected to port 61617 in the primary server IP address or on secondary server IP address.
– If Cisco Plug and Play Gateway is not connected to Prime Infrastructure, the status is displayed as down. No failover will happen in this case.
– If the virtual IP address has been entered during setup, the status will display only the address. Cisco Plug and Play Gateway status cannot identify whether it is connected to the primary or secondary server.
Along with the status for the different Cisco Plug and Play Gateway processes, it will also display the Cisco Plug and Play Gateway in active mode when both the gateways are up. The status will also show the connection status between the primary and secondary servers as an additional value in the table.
To check the status of the Cisco Plug and Play Gateway server, log in to the gateway server and run the pnp status command. See Command Reference Guide for Cisco Prime Infrastructure 3.0 for more details.The gateway server status is displayed.
See Command Reference Guide for Cisco Prime Infrastructure 3.0 for more details on running the commands.
Removing Cisco Plug and Play Gateway in HA
To delete the HA configuration for Prime Infrastructure with different primary and secondary IP addresses in the standalone Cisco Plug and Play Gateway, run the pnp setup advance advanced setup command and enter n when prompted.
For deleting Cisco Plug and Play Gateway HA, run the pnp setup or pnp setup advance command and enter n when prompted.
See Command Reference Guide for Cisco Prime Infrastructure 3.0 for more details.
Note When deleting Cisco Plug and Play Gateway HA, the administrator must manually modify the dynamic port allocation cns event command and decommission the secondary server, if HA is being turned off. The Cisco Plug and Play Gateway secondary server will continue to run with the virtual IP address if it is not decommissioned.
Cisco Plug and Play Gateway HA and Prime Infrastructure Combinations
The Cisco Plug and Play Gateway functionality allows different configurations for HA with Prime infrastructure. The various combinations, as per the configuration options available, are:
– The Prime Infrastructure server without HA.
– The Prime Infrastructure server with HA with the virtual IP address.
– Prime Infrastructure server with HA with the primary and secondary servers having two IP addresses.
- Standalone Cisco Plug and Play Gateway with HA and virtual IP address (Two Cisco Plug and Play Gateways)
– Prime Infrastructure server without HA.
– Prime Infrastructure server with HA with the virtual IP address.
– Prime Infrastructure server with HA with the primary and secondary servers having two IP addresses.
– Prime Infrastructure server without HA.
– Prime Infrastructure server with HA with the virtual IP Address.
Limitations of Cisco Plug and Play Gateway HA
The Cisco Plug and Play Gateway HA feature has the following limitations:
- Any Plug and Play requests that are partially completed on the Cisco Plug and Play Gateway during failover and failback (the Prime Infrastructure and Cisco Plug and Play Gateway standalone server) will remain incomplete in the Prime Infrastructure server and these may not be configured successfully on the device.
- Failover and failback takes five to ten minutes during which Cisco Plug and Play Gateway provisioning does not happen. Devices that have received bootstrap with cns config initial will continue to reach Cisco Plug and Play Gateway for provisioning. See Command Reference Guide for Cisco Prime Infrastructure 3.0 for more details.
- Devices take time to connect to the backup server once the IP address is moved from the active to standby server depending on the configuration available in the cns event command for reconnect time. See Command Reference Guide for Cisco Prime Infrastructure 3.0 for more details.
- Cisco Prime Infrastructure integrated Plug and Play Gateway will support HA if the HA configuration in Prime is based on a virtual IP address. Prime Infrastructure HA with different IP addresses for primary and secondary servers will not support the Plug and Play Gateway HA functionality in the integrated server.
- For the Cisco Prime Infrastructure integrated Plug and Play Gateway, SSLv3 is disabled by default on all Gateway SSL ports (for example, ports 11012, 11014, and so on).
- How Cisco Plug and Play Gateway HA Works
- Setting up Cisco Plug and Play Gateway HA
- Removing Cisco Plug and Play Gateway in HA
- Cisco Plug and Play Gateway HA and Prime Infrastructure Combinations
Feedback